Tuesday, August 28, 2007


The Insecurity of Ruby on Rails...

Java has the notion of a security manager where folks can specify what types of code can be allowed to execute. Ruby currently has no such notion. While I know this is under development, one needs to ask whether using Ruby without one is a security risk?

Likewise, if you haven't familiarized yourself with the notion of Secure Coding practices and tools such as Fortify, Coverity, Ouncelabs, Klocwork or other tools in this space then you might not have noticed that none of them are focused on the security of an application developed in Ruby.

In thinking about these tools, I think it would be a wonderful idea for James Governor of Redmonk to dig deeper into this space. After all, compliance orientation should start with writing code correctly...

<< Home
| | View blog reactions

This page is powered by Blogger. Isn't yours?