I absolutely agree with everything in this post :)<p>I think a lot of the current approach to infosec and cryptography makes most rank-and-file programmers feel like they shouldn't bother because they'll get it wrong anyway. Unfortunately that just means more harebrained schemes, not less.<p>My own humble contribution to this cause looks more at the issue from a pure cryptographic point of view than a more general information security point of view. My PyCon 2013 talk is available for anyone to see (thanks, PyCon!), and is a very high level blitz through what it takes to get a TLS connection set up: <a href="http://pyvideo.org/video/1778/crypto-101" rel="nofollow">http://pyvideo.org/video/1778/crypto-101</a>. I'm currently trying to turn that into a book.
Yeah, there should be more tutorials and articles out there for helping new developer learn more about security, I find it amusing that school haven't added secure programming as one of their subjects and thats why it is often neglected by new developers.<p>PS: Tweet word count is 140 ;)