

Rails Vulnerability Compilation - ainsleyb
http://blog.tinfoilsecurity.com/recent-rails-vulnerabilities

======
phillmv
Hi, I'm with <http://rubysec.github.com/>

We maintain a freely available advisory database
<https://github.com/rubysec/ruby-advisory-db/> designed to be easily machine
readable.

We also maintain a free ruby-wide security announcement mailing list:
<https://groups.google.com/forum/?fromgroups#!forum/rubysec-announce>

The rubysec-advisory-db is meant to power discovery tools such as
<https://github.com/postmodern/bundler-audit> (from which it was originally
extracted) or <https://gemcanary.com> (it bears mentioning that my company
made it). I'm pretty sure it will be used in codeclimate's upcoming security
monitor <https://codeclimate.com/security-monitor> given that Bryan is a
regular contributor.

If you're interested in security, please consider checking us out. Most of
rubysec is composed of security professionals, and we're all interested in
improving the ecosystem-at-large. Submit issues against the advisory or simply
fork it <https://github.com/rubysec/ruby-advisory-db/>

Regards and apologies for slightly hijacking the thread.

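As an added illustration of what a machine-readable advisory database makes possible (example code written for this thread, not bundler-audit's, gemcanary's or rubysec's own code), the Ruby below checks the gems pinned in a Gemfile.lock against advisory entries laid out the way ruby-advisory-db entries are (gem, cve, url, title, patched_versions, unaffected_versions). Both the advisory entries and the lockfile excerpt are constructed placeholders: the gem names, version numbers and CVE identifiers are made up for the demonstration and do not refer to real advisories.

```ruby
require 'yaml'
require 'rubygems'

# Constructed advisory entries in the field layout used by ruby-advisory-db.
# Gem names, CVE numbers, URLs and versions are placeholders, not real data.
ADVISORIES_YAML = <<~YAML
  - gem: examplegem
    cve: "0000-00001"
    title: Placeholder advisory for examplegem
    url: https://example.invalid/advisory-1
    patched_versions:
      - "~> 1.2.5"
      - ">= 1.3.2"
    unaffected_versions:
      - "< 1.0"
  - gem: otherlib
    cve: "0000-00002"
    title: Placeholder advisory for otherlib
    url: https://example.invalid/advisory-2
    patched_versions:
      - ">= 2.0.1"
YAML

# Constructed Gemfile.lock excerpt; only the specs block is inspected.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      examplegem (1.2.3)
        otherlib (>= 2.0)
      otherlib (2.0.1)
      unrelated (0.9.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    examplegem
LOCK

# Collect "name (version)" pairs from the specs block. Gems sit at exactly
# four spaces of indentation; their dependencies are indented deeper and
# carry requirements rather than pinned versions, so they are skipped.
def parse_lockfile(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    if line.strip == 'specs:'
      in_specs = true
      next
    end
    in_specs = false if line.strip.empty?
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      specs[m[1]] = Gem::Version.new(m[2])
    end
  end
  specs
end

# An advisory entry may hold several comma-separated constraints,
# e.g. ">= 2.0, < 3.0"; Gem::Requirement takes them as separate arguments.
def requirement_for(constraint)
  Gem::Requirement.new(*constraint.split(',').map(&:strip))
end

# A version is vulnerable unless some unaffected_versions or patched_versions
# constraint is satisfied by it. Advisories with no such fields match every
# version of the gem.
def vulnerable?(advisory, version)
  unaffected = Array(advisory['unaffected_versions'])
  patched = Array(advisory['patched_versions'])
  return false if unaffected.any? { |r| requirement_for(r).satisfied_by?(version) }
  return false if patched.any? { |r| requirement_for(r).satisfied_by?(version) }
  true
end

# Returns [gem, locked version, cve] for every advisory the lockfile trips.
def audit(lockfile_text, advisories_yaml)
  specs = parse_lockfile(lockfile_text)
  YAML.safe_load(advisories_yaml).select do |adv|
    version = specs[adv['gem']]
    version && vulnerable?(adv, version)
  end.map { |adv| [adv['gem'], specs[adv['gem']].to_s, adv['cve']] }
end

if $PROGRAM_NAME == __FILE__
  audit(LOCKFILE, ADVISORIES_YAML).each do |gem, version, cve|
    puts "#{gem} #{version} is affected by CVE-#{cve}"
  end
end
```

With the constructed data, examplegem 1.2.3 is flagged (it falls below both patched ranges and above the unaffected range) while otherlib 2.0.1 satisfies its patched constraint and passes. A real run would load the YAML files from a checkout of the advisory database and the project's actual Gemfile.lock in place of the embedded strings.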
~~~
ainsleyb
No problem at all! We may very well start crawling your advisory DB for our
own mailing list, which isn't limited to just Ruby, to be fair. ;)

It's always good to have more eyes on security issues - Ruby or not - and
keeping the community informed. Feel free to get in touch with us at
support@tinfoilsecurity.com - we'd love to chat about any ways we can work
together.

------
Bjoern
It's quite interesting that even customers now start asking "oh, it's Rails, that
is so insecure". Sigh, quite a lot of media hysteria going on.

------
jorgenev
This was a good write up.

