I'm a software architect and engineer working with Castle.io. I have experience in a wide variety of business applications built using multiple Ruby frameworks. I'm particularly interested in code quality and Ruby-based application security. I'm an active OSS contributor and maintainer of various projects including Karafka, dry-rb libraries and the Bundler-Security project.
A complete guide to Ruby gems security
Ruby gems aren't fundamentally safe. Several gems were infected last year, and constant attempts are being made to do the same with others. It's not only the execution that is a problem but the installation process as well.
Are there any ways for OSS users to regain control over what is being executed on their machines and their servers? Are there any ways for library maintainers to provide higher transparency over what they ship? Come, find out, and let's explore the Ruby gems world together!