Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Organizational Practices in Cryptographic Development and Testing



Julie Haney, Simson L. Garfinkel, Mary Theofanos


Organizations developing cryptographic products face significant challenges, including usability and human factors, that may result in decreased security, increased development time, and missed opportunities to use the technology to its fullest potential. To better identify these challenges, we explored cryptographic development and testing practices by conducting a web-based survey of 121 individuals representing organizations involved in the development of products that include cryptography. We found that participants used cryptography for a wide range of purposes, with most relying on generally accepted, standards-based implementations as guides. However, many also developed their own implementations and drew on nonstandards based resources to inform their development and testing processes. Our results also highlight challenges that incorporating cryptography within products creates within organizations, including the recruitment and management of talent, the product lifecycle, and the ability to explain the security value of products to customers. We conclude by discussing implications of these findings and opportunities for future research.
Proceedings Title
5th IEEE Conference on Communications and Network Security
Conference Dates
October 9-11, 2017
Conference Location
Las Vegas, NV, US
Conference Title
IEEE Conference on Communications and Network Security


cryptography, usability, cryptographic standards, developer survey.


Haney, J. , Garfinkel, S. and Theofanos, M. (2017), Organizational Practices in Cryptographic Development and Testing, 5th IEEE Conference on Communications and Network Security, Las Vegas, NV, US, [online], (Accessed July 12, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created October 8, 2017, Updated October 12, 2021