Let me give you a short version.
What to do: realise that all software will have security issues. Make sure your team are on the mailing lists for security and release announcements of the software you use. Apply patches to your servers. Become friends with other people who use the same software so if they know about an issue, they circulate it to you too. Don’t be an idiot. Evaluate future information security risk and potential disasters in your strategic planning.
What not to do: write a long blog post about how you hate Rails and are going to be moving to a different framework/language/tool that has no security issues at all!
Which of these two reactions do you think will get more readers on Hacker News?