[Cryptography] best practices considered bad term

[Kent Borg]

The National Electric Code benefits from dealing with a well defined 
problem. Frustrating as I presume it can be, it is still a reasonable 
thing to try to standardize.

But when precisely defining the problem is the bulk of the task--as I 
think is true of all programming--standards like the NEC can only work 
at a micro-level (e.g., AES) and won't secure the entire system. 
(Process standards, however, could offer some hope, though I assume only 
frustration.)

-kb