[LRUG] Keeping track of new security vulnerabilities?
Frederick Cheung
frederick.cheung at gmail.com
Fri Sep 20 02:11:53 PDT 2013
On 20 Sep 2013, at 10:07, Romek <romeks at gmail.com> wrote:
> Hi,
>
> To keep up with CVEs, don't do it yourself. Let NIST do it for you...
>
> http://carnal0wnage.attackresearch.com/2013/04/bundler-audit-auditing-your-rubygems.html
>
> So to install this -
>
> gem install bundler-audit
>
> to run it, navigate to the directory where the Gemfile.lock is stored:
>
> bundle-audit check
Very cool (assuming the database of vulnerabilities is up to date). To turn this problem on its head, people who maintain gems: where would you submit the info that a gem has been updated with a security release?
More than a few times I've found out about problems in smaller gems through twitter - hardly ideal!
Fred
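For readers who want to see what `bundle-audit check` actually does under the hood, here is an added example (not code from this thread, nor from the bundler-audit project): a stripped-down audit in plain Ruby. It parses the resolved gem versions out of a Gemfile.lock and compares them against an advisory table using `Gem::Requirement` ranges, which is the same test bundler-audit applies with the ruby-advisory-db. The lock file, the gem names `acme-auth` and `acme-render`, and the `EXAMPLE-*` advisory identifiers are all constructed for this example and do not describe real vulnerabilities. On Fred's caveat about a stale database: later bundler-audit releases can refresh their local advisory copy with `bundle-audit update` before a check.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement; loaded by default on modern Ruby

# Constructed Gemfile.lock for this example. In a lock file the gems the
# bundle resolved to sit under "specs:" with four spaces of indentation;
# deeper lines are each gem's own dependency requirements, not versions.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      acme-auth (2.0.3)
        rack (>= 1.4)
      acme-render (1.0.2)
      rack (1.5.2)
      rake (10.1.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    acme-auth
    acme-render
    rake
LOCK

# Constructed advisories (hypothetical gems and identifiers, not real CVEs).
# The shape mirrors what an advisory database records: which versions were
# never affected and which versions carry the fix.
ADVISORIES = [
  { gem: "acme-auth", id: "EXAMPLE-2013-0001", title: "Session fixation in acme-auth",
    patched: ["~> 1.9.4", ">= 2.1.1"], unaffected: ["< 1.0"] },
  { gem: "acme-render", id: "EXAMPLE-2013-0002", title: "Reflected XSS in acme-render helper",
    patched: [">= 1.0.0"], unaffected: [] },
].freeze

# Returns { "gem-name" => Gem::Version } for every resolved spec in the lock file.
def parse_lockfile(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
      next
    end
    in_specs = false if line =~ /\A\S/ # a new top-level section (PLATFORMS, DEPENDENCIES)
    next unless in_specs
    if (m = line.match(/\A    (\S+) \(([^)]+)\)\s*\z/))
      specs[m[1]] = Gem::Version.new(m[2])
    end
  end
  specs
end

# An advisory applies when the installed version falls in neither an
# unaffected range nor a patched range.
def vulnerable?(version, advisory)
  unaffected = advisory[:unaffected].any? { |r| Gem::Requirement.new(r).satisfied_by?(version) }
  patched    = advisory[:patched].any?    { |r| Gem::Requirement.new(r).satisfied_by?(version) }
  !unaffected && !patched
end

# Cross-checks a lock file against the advisory table and returns the findings.
def audit(lockfile_text, advisories = ADVISORIES)
  specs = parse_lockfile(lockfile_text)
  advisories
    .select { |adv| specs.key?(adv[:gem]) && vulnerable?(specs[adv[:gem]], adv) }
    .map { |adv| { gem: adv[:gem], version: specs[adv[:gem]].to_s, id: adv[:id], title: adv[:title] } }
end

findings = audit(LOCKFILE)
findings.each { |f| puts "#{f[:gem]} #{f[:version]}: #{f[:id]} - #{f[:title]}" }
puts "No known vulnerabilities found" if findings.empty?
```

Run it as a script and it reports the one constructed finding (acme-auth 2.0.3 is below both patched ranges, while acme-render 1.0.2 already carries its fix). The quality of the result depends entirely on the advisory table, which is exactly Fred's point: a gem author who ships a security release but never files an advisory leaves tools like this blind.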