Hell Is Overconfident Developers Writing Encryption Code

Overconfident developers persist in writing their own cryptographic code despite warnings against it. A common pattern is for developers to justify this on the grounds that they are using lower-level cryptography libraries. One example is a startup that revisited flawed cryptography code that had previously been vulnerable to a padding oracle attack. Many developers make grave security mistakes, such as storing decryption keys next to the encrypted data and implementing encryption in SQL queries. Because easy-to-use, secure cryptography tooling is lacking, developers repeatedly fall into the trap of rolling their own encryption, often unaware of the risks involved. These ongoing security vulnerabilities highlight the need for improved key management solutions.

https://soatok.blog/2025/01/31/hell-is-overconfident-developers-writing-encryption-code/
