Rails Vulnerability Compilation (tinfoilsecurity.com)
46 points by ainsleyb on March 18, 2013 | hide | past | favorite | 5 comments


Hi, I'm with http://rubysec.github.com/

We maintain a freely available advisory database https://github.com/rubysec/ruby-advisory-db/ designed to be easily machine readable.

We also maintain a free ruby-wide security announcement mailing list: https://groups.google.com/forum/?fromgroups#!forum/rubysec-a...

The rubysec-advisory-db is meant to power discovery tools such as https://github.com/postmodern/bundler-audit (from which it was originally extracted) or https://gemcanary.com (it bears mentioning that my company made it). I'm pretty sure it will be used in codeclimate's upcoming security monitor https://codeclimate.com/security-monitor given that Bryan is a regular contributor.

If you're interested in security, please consider checking us out. Most of rubysec is composed of security professionals, and we're all interested in improving the ecosystem-at-large. Submit issues against the advisory or simply fork it https://github.com/rubysec/ruby-advisory-db/

Regards and apologies for slightly hijacking the thread.
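Added example, not code from rubysec, bundler-audit or gemcanary: a minimal audit of a Gemfile.lock against one advisory entry, to show what "machine readable" buys a discovery tool. The advisory record and the lockfile fragment below are constructed, and the field names (`gem`, `patched_versions`, `unaffected_versions`) are an assumption about the DB's layout; the version logic relies only on RubyGems' own `Gem::Version` and `Gem::Requirement`.

```ruby
require 'yaml'
require 'rubygems'

# Constructed advisory entry; field layout is assumed, not copied from the DB.
ADVISORY_YAML = <<~YAML
  gem: rails
  title: Example advisory (constructed)
  patched_versions:
    - ">= 3.2.13"
    - "~> 3.1.12"
    - "~> 3.0.20"
  unaffected_versions:
    - "< 3.0.0"
YAML

# Constructed Gemfile.lock fragment: top-level specs sit at 4 spaces,
# their dependencies at 6.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (3.2.12)
        rack (1.4.5)
      rack (1.4.5)
LOCK

# Returns { gem_name => Gem::Version } for the top-level specs in the lock.
def parse_lockfile_specs(text)
  specs = {}
  in_specs = false
  text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A\s*specs:\z/
      in_specs = true
      next
    end
    next unless in_specs
    break if line.strip.empty? || line =~ /\A\S/ # left the specs block
    if line =~ /\A {4}(\S+) \(([^)]+)\)\z/
      specs[$1] = Gem::Version.new($2)
    end
  end
  specs
end

# A version is vulnerable unless it satisfies an unaffected or patched
# requirement; an advisory with no such lists flags every version.
def vulnerable?(advisory, version)
  safe = Array(advisory['unaffected_versions']) + Array(advisory['patched_versions'])
  safe.none? { |req| Gem::Requirement.new(req).satisfied_by?(version) }
end

# Cross-reference a lockfile against a list of advisories; returns
# [gem, locked version, advisory title] for each hit.
def audit(lockfile_text, advisories)
  specs = parse_lockfile_specs(lockfile_text)
  advisories.select { |adv| (v = specs[adv['gem']]) && vulnerable?(adv, v) }
            .map { |adv| [adv['gem'], specs[adv['gem']].to_s, adv['title']] }
end

if __FILE__ == $0
  audit(LOCKFILE, [YAML.safe_load(ADVISORY_YAML)]).each do |gem, ver, title|
    puts "#{gem} #{ver}: #{title}"
  end
end
```

Because requirements are evaluated with `Gem::Requirement`, a `~> 3.1.12` entry correctly covers 3.1.x patches without marking 3.2.12 as safe, which is the distinction a naive string comparison gets wrong.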


No problem at all! We may very well start crawling your advisory DB for our own mailing list, which isn't limited to just Ruby, to be fair. ;)

It's always good to have more eyes on security issues - Ruby or not - and keeping the community informed. Feel free to get in touch with us at support@tinfoilsecurity.com - we'd love to chat about any ways we can work together.


I'm one of the guys who uses gemcanary for one (open source) repo, and so far I have to say I'm impressed: I was informed some time last night about the new vulnerabilities and have already updated the project. Thank you for the service!


It's quite interesting that even customers are now starting to ask "oh, it's Rails, that is so insecure". Sigh, quite a lot of media hysteria going on.


This was a good write up.



