by phillmv 4839 days ago
Hi, I'm with http://rubysec.github.com/

We maintain a freely available advisory database https://github.com/rubysec/ruby-advisory-db/ designed to be easily machine readable.

We also maintain a free ruby-wide security announcement mailing list: https://groups.google.com/forum/?fromgroups#!forum/rubysec-a...

The rubysec-advisory-db is meant to power discovery tools such as https://github.com/postmodern/bundler-audit (from which it was originally extracted) or https://gemcanary.com (it bears mentioning that my company made it). I'm pretty sure it will be used in codeclimate's upcoming security monitor https://codeclimate.com/security-monitor given that Bryan is a regular contributor.

If you're interested in security, please consider checking us out. Most of rubysec is composed of security professionals, and we're all interested in improving the ecosystem-at-large. Submit issues against the advisory or simply fork it https://github.com/rubysec/ruby-advisory-db/

Regards and apologies for slightly hijacking the thread.

2 comments

No problem at all! We may very well start crawling your advisory DB for our own mailing list, which isn't limited to just Ruby, to be fair. ;)

It's always good to have more eyes on security issues - Ruby or not - and to keep the community informed. Feel free to get in touch with us at support@tinfoilsecurity.com - we'd love to chat about any ways we can work together.

I'm one of the guys who uses gemcanary for one (open source) repo, and so far I have to say I'm impressed: I was informed some time last night about the new vulnerabilities and have already updated the project. Thank you for the service!