I actually started looking into veracrypt and found this post
val (val) 2014-07-02 21:02:16 UTC #17
I question the effectiveness of VeraCrypt. The current linux install for it changes the user and group ownership of critical system directories, including /usr to "500" (the proper ownership for that directory is root:root and should not have been touched by the installer). Surely it is a bug, but such a glaring bug that seriously compromises the integrity of the filesystem is a clear indication that there's something wrong with quality control on that project.
val (val) 2014-07-03 01:36:25 UTC #19
It was not inherited from Truecrypt. The bug is unique to Veracrypt. By changing the owner and group ownership of various critical system directories, installing veracrypt on linux breaks a variety of unrelated software that are expecting sane ownership of those directories (virtualbox for example). Nothing should be changing permissions of your directories without letting you know. This is a fairly serious bug and reason enough not to trust that team. In this instance, Veracrypt surreptitiously changed the ownership and group ownership of system directories to something that doesn't make any sense; what else might it accidentally do without telling you in the future? This doesn't leave me with a good feeling about that project. Pushing out a product with some bugs is one thing, pushing out a product that breaks your system is quite another.
Go ahead and install veracrypt on a linux VM to see what I mean. I've only tested the 64 bit gui installer, so try that one first. Perhaps not all of the other installers are broken, but that one is.
The whole post and the response from mounir (Lead Dev) is at this link below
https://forum.truecrypt.ch/t/why-not-veracrypt/133
I don't know what there policy is for commits but ciphershed actually has a review team that thoroughly reviews code before any commits but are painfully slow at rolling things out because there taking there time and being thorough.. I think it's strange veracrypt project started just before the truecrypt team quit which is suspect to me maybe I'm paranoid idk. Veracrypt is located in france and there lead dev is very skilled if that's what your asking but idk how good there review policy is and that's what worry's me. Not only this but google researchers found these bugs in truecrypt's code CVE-2015-7358 and CVE-2015-7359 and it affected veracrypt as well but truecrypt just got a "professional audit and somehow missed this very serious bug. What else could they have missed? anyways i'm going to bed i'll look at the handbrake thing tomorrow