If anyone trusts a rails app for real money, they're an idiot. Homakov made his report today and they'll patch these bugs but did he get them all? What about new code that is written? Will he watch every commit made in the future? Or the deployment environment? What about code that was out of scope for this assessment?
An audit report like this does not make a secure app. And Rails does not lend itself to one either. Without any mitigating controls, all it takes is one bug and you lose all your bitcoins...