Ruby on Rails—it’s modular, expressive, and broadly supported by legions of loyal developers. From Twitter to Groupon, many of the world’s most trafficked websites have relied on Rails to deliver scalable and highly available web services. But as GitHub discovered a few years back, the language/framework is not without its security flaws—65 to date, per the CVE database. Here are the top 15 and how to remediate and/or prevent them from being exploited.
This is a tale of a newcomer vs. a relative oldie in the Configuration Management (CM) arena. Both are tools that help the sysadmin or DevOps professional better manage large numbers of servers. They excel at tasks like automating repetitive work, deploying apps and packages to a group of servers simultaneously, and configuring and provisioning new servers from scratch.
Cyber resilience is a fundamental change in understanding and accepting the true relationship between technology and risk. IT risk (or cyber risk, if you prefer) is actually business risk, and always has been. And the cybersecurity industry, for what it's worth, has generally avoided this concept because it goes against the narrative that their respective offerings—whether it's a firewall, IDS, monitoring tool, or otherwise—would be the one-size-fits-all silver bullet that can keep businesses safe. But reality tells a different story.