In information security, we almost always find hardcore bugs. The internet is a patchwork of bugfixes and new security holes.

This applies to banks as well, although they usually audit before release, so the released version is usually OK.

"Military grade encryption" usually means the company does not know what they are talking about and it's a huge red flag.

Discussion

You can have the strongest encryption in the world, but if implemented incorrectly it’s as good as having none. That’s the part most orgs go wrong with.

They all usually fail at key management, while having good encryption in place 🐶🐾🤣😭

Yes, that's common.

But the most common bugs have nothing to do with encryption.

That too. 🐶🐾🫡

Not really. Sometimes it's the case, but usually the problems have nothing to do with encryption or its implementation, but with the security design and implementation of parts that have nothing to do with encryption.

Encryption is usually an open source library that they just use.