Could the Ruby way become a bit safer and more secure in time?
Evaluating the security of a framework is difficult, because not all frameworks receive the same level of scrutiny. I'm considering this Ruby's "Microsoft moment". We're at a period of time where a lot of people are scrutinizing popular Ruby projects like Rails and Rack. I'm hoping that the outcome of this will be:
* Many security vulnerabilities are found and patched
* More Ruby developers will consider security first, because that's what's in the news
Maybe I'm just a little Pollyanna in the brain, but there's good work being done in Ruby right now.
I'd agree that, in the Ruby community in general, or at least the English-speaking Ruby community, general cultural values seem to be "dev early, release early, security hole early". Valuing innovation and release-often over stability/reliability. There are certainly some projects/developers that go against this cultural norm, but we are certainly not the first to recognize it as a general cultural norm in rubydom (and it's got benefits as well as disadvantages).
Secure is not cool, nor magic enough, it seems.