Ruby is becoming mainstream and thus the implications of security are much more far reaching. Is there anything the Department of Homeland security can do to help support this community and the hard working open source devs that donate their free-time to keep it secure?
How could government funding help improve security of the Ruby ecosystem?
- Best practices for Ruby security site (evanphx)
- Free security analysis by certain experts for gems. A gem author could request analysis of a gem and the funding would go to the reviewer. (evanphx)
- Enlist more people on the Rails security team (tenderlove)
- Pay someone to be on-call for security help 24/7 responsible for prioritizing and funneling security issues through to devs (evanphx)
- Emulate the Ruby Hero program with a “Ruby Security Hero” that would award some monetary amount to the winners. (joegoggins)
- Partner with Code Climate to find a way to provide discounted or free licenses to Security Monitor to companies supporting Ruby applications that have national security implecations. (joegoggins)