Sunday, August 13, 2006


Ruby on Rails and Security of the Enterprise

By now, everyone knows that Ruby on Rails has a major security flaw and that patches have been issued. I figured I would provide my two cents on this...

I suspect that folks from the Smalltalk community and other second-class languages have used this event as a platform for pushing their own agenda. Instead of throwing daggers, I would like to commend the Ruby on Rails community for stepping up and addressing the needs of their users in the most expedient manner possible.

Maybe what needs to occur is for industry analysts who like what the Ruby on Rails community is doing to provide some additional assistance. What would happen if, say, Martin Fowler and employees from Thoughtworks decided to contribute ten copies of Fortify Software's security coding tools so that the code base would get even better?

What would happen if, say, the folks over at RedMonk were to write up a case study on how open source communities, using the open source analysis approach, are better at addressing security exposures than proprietary closed-source companies?

Anyway, folks in the Ruby community, keep up the good work!

