by uniclaude 4581 days ago
Please explain for those of us who are not good enough in the field (I'm genuinely asking).

I was under the impression that software like GnuPG and OpenSSL could be considered safe, so seeing a security professional warning about a negative track record of open source cryptography is worrisome.

What exactly should we be careful of when it comes to open source cryptography?

1 comment

Not all open source code is broken; just a lot of it is. I think tptacek is trying to say that open source vs closed source is a mediocre predictor of the quality of a cryptosystem :)