tommorris.org

Discussing software, the web, politics, sexuality and the unending supply of human stupidity.


There’s a long blog post about what your startup should learn from Rails security issues.

Let me give you a short version.

What to do: realise that all software will have security issues. Make sure your team are on the mailing lists for security and release announcements of the software you use. Apply patches to your servers. Become friends with other people who use the same software so if they know about an issue, they circulate it to you too. Don’t be an idiot. Evaluate future information security risk and potential disasters in your strategic planning.

What not to do: write a long blog post about how you hate Rails and are going to be moving to a different framework/language/tool that has no security issues at all!

Which of these two reactions do you think will get more readers on Hacker News?