[benmmurphy]

I've worked with other vendors. The rails security team is the best I've worked with. The major positives:

* Quick turn around. I have another vendor where it takes up to 3 months to get stuff fixed. :(

* They give you a patch to review before releasing publicly. This is very important and gives researchers a chance to fix any problems with the patch. With another vendor their fix missed a really obvious attack vector and anyone who diffed the code would have been given a free zero day vulnerability. :(

[dasil003]

As an average joe web dev I also found the security team very easy to work with when I discovered a vulnerability. In that case I worked directly with them to create the patch that was released as Rails 2.3.5. It was something like 48 hours from the time I discovered it to the release.