Anyone who says security is easy is probably not doing it correctly. It's insanely difficult to make sure things are done properly, across every process within a system!
Amen. This, a hundred thousand times this.
Too bad it doesn't stop people from rolling their own crypto and "secure" protocols. The problem is that developers often forget that the real world isn't anything like their desks where everything works in a controlled manner.
