Did you know that in 2022, over 400 malicious packages were released to RubyGems? That's more than one per day! Our packages ecosystem may not be the biggest, but sure it is being actively exploited!
Are you worried? Don't be! You are not alone! RubyGems has a security team actively monitoring and mitigating various threats to ensure that the gems ecosystem is safe and sound. The previous year was when the RubyGems security team would have to issue critical CVEs related to RubyGems security. Still, at the same time, we spent days and nights making sure that the discovered vulnerabilities were not actively exploited.
Join me on an adventure from one critical vulnerability to another. Let's explore the world of malicious packages together and learn how you can ensure your safety in this world full of threats and bad actors.