Protecting sensitive data with cryptography has become a key part of most applications. Simply failing to encrypt sensitive data is very widespread. Applications that do encrypt, frequently contain poorly designed cryptography, either using inappropriate ciphers or making serious mistakes using strong ciphers. These flaws can lead to disclosure of sensitive data and compliance violations. The failure to protect sensitive data in storage using a recommended industry standard encryption algorithm represents a vulnerability. In addition, the failure to use a sufficiently strong implementation of the algorithm (usually measured in terms of the key-length) that is commensurate with the value of the information being protected is also considered a vulnerability.