Tenderlove Keeps us Feeling Secure - How Assembla Applies Rails Security Patch in Under 2 hrs
Two critical patches were released by Aaron Patterson on the RubyOnRails-Security Google Group - Unsafe Query Generations and Multiple Vulnerabilities in Parameters. Thanks Aaron Patterson. Assembla was able to patch production from time of notification to production in under 2 hrs! So what makes us able to do this so fast? We have a great community backing us up - the Ruby on Rails Community, a global team ready to react to any scenario and a good Continuous Delivery process.
The advantages of Open Source Software is well known, but having a good community is very important. It was because of the efforts of this community that we have been notified twice in the last week about critical security patches. Aggregators like HackerNews are invaluable in attaining information about issues and best of practices. And of course the individuals that make up the community lead to better quality code. The Ruby on Rails Community is top notch, self-regulating itself and fixing issues as soon as they arise.
Global Devops Teams
The global team is well understood. Having a global team with 24/7 devops that can update code, deploy to production, and troubleshoot in real-time is invaluable. Assembla has been taking advantage of the global team since inception. We do not have to page a sysadmin in the middle of the night for critical pages. We do not need special permission to move from development to production, we just click a button. The devop is able to fix the code, test it, push to production and make it live.
Assembla uses a Continuous Delivery model that goes one step further to Continuous Deployment. This allows the devop assurity that they are able to move from development to production almost instantly with a feeling of security and stability, through process and Continuous Integration. If a critical patch comes in, we are sure that our Mainline is stable and that we can push a fix very quickly. We are also able to stay closer to the bleeding edge of technology, since we are able to update and push more frequently, allowing us to patch critical security fixes faster.
Thanks again Aaron Patterson, Titas Norkūnas and Continuous Delivery for keeping us safe and sound.