diffend

RubyGems dependency confusion attack side of things

Note: This article is not to deprecate any of the findings and achievements of Alex Birsan. He did great work exploiting specific vulnerabilities and patterns. It is to present the RubyGems side of the story and to reassure you. We actively work to provide a healthy and safe ecosystem for our users. After reading the …

RubyGems dependency confusion attack side of things Read More »

Diffend – OSS supply chain security and management platform for Ruby 1

Diffend – OSS supply chain security and management platform for Ruby

I’m incredibly excited to announce a security platform for managing Ruby gems dependencies: diffend.io. This platform is a result of my involvement in Ruby security matters for years. It all started in early 2018 with a tool to review gems versions diffs. While working on it, I’ve noticed that there’s much more that needs to …

Diffend – OSS supply chain security and management platform for Ruby Read More »