Michael Kimsal has just released the latest episode of his WebDevRadio podcast series, Episode 108: "New Ruby, Regex and my Framework Security Rant(tm)". His framework security comments concern PHP frameworks and why almost none of them seem to come with security features already included.
Ruby 2 was just released, and the new ‘refinements’ feature presents some interesting challenges for JRuby and just about anyone wanting to read Ruby code. Brief chat about the regex security affecting Rails back in January, but more broadly speaking, what does this say about regex in general? Should we embrace it, or find better alternatives? Finally, I’ve got a new blog post up about web framework security – why do (almost) no web frameworks ship with security baked-in?
The podcast references some of the thoughts from his recent post about framework security. You can listen to this latest episode either through the in-page player or by downloading the mp3.