I began using verarypt before the truecrypt fiasco simply because it (the changes w iterations) made sense. The earliest builds of VeraCrypt were easy to verify as changes could be compared with the original source code of each and they did check out with only text and iteration changes. Now that Verarypt has taken the ball further (fixing issues reported in the audit and adding new features) it's not the same. So not being a dev or familiar with coding in general I currently take it with a leap of faith atm and haven't bothered looking at the source code with each revision any further as they'd easily be able to 'get one past me' if they tried to add something unsavory. For me at least, the fact he was improving upon it even before truecrypt vanished gives it a tad more credibility. Though if I was wearing a tin foil hat I might suggest that veracrypt was behind it from the start and they knew it was coming so they started building trust early so that they could exploit it later.