Reply to post: Not as smart as we think

Security! experts! slam! Yahoo! management! for! using! old! crypto!

Milton

Not as smart as we think

Not all of this staggering incompetence was on Mayer's watch, but her tenure will be the How Not To textbook for CEOs for the next century. She had time and money to get it right, and instead we got posturing, alienation of an entire workforce, wild shopping sprees, serial unforced mistakes ... well, as doctors say: Yahoo is "circling the drain".

To specifics, though, I suspect part of the problem is that developers are not all as clever as they think. That's not a general criticism of skills, more of an observation about culture and assumptions. When you can write good code, it's easy to develop a sense of superiority. A skilled developer will frequently come into contact with people who work in marketing or sales or HR or other Centres of Mediocrity¹ and it takes rare humility and patience not to come away shaking your head like a dog with a horsefly in its ear, thinking "Blimey, I've spent hours talking to gro-bags."

But even good techies can get over-confident, and I think I have seen it a lot where encryption is concerned. Perhaps it's to be expected: even quite decent mathematicians sometimes don't really understand the depths of crypto very well. Everyone knows the story of amateurs who dream up 'unbreakable'² crypto which really, really isn't. But even quite knowledgeable techies can be prey to the same delusion: it is awfully easy to obfuscate something and tell yourself that no one else will see through it, perhaps convince yourself that no one else would be motivated even to try hard enough.

If it hasn't already been done, there is a growing case for every serious coding course to include a module on crypto: not just implementation of this or that algorithm, but to get under the skin of the math somewhat, so that new developers actually gain an understanding. After all, as surely every coder learns: if you don't know the math underlying a problem or process, you really can't write good code for it.

¹ Not mentioned in management texts as frequently as 'Centres of Excellence', which is odd, since they outnumber the latter by 10 to one ...

² As someone (might have been Schneier?) said, speaking of enthusiastic or naive amateurs: "You may be able to create a crypto system *you* can't break. But you almost certainly can't create one that *we* can't break."
