When your Rails app is secure… but your kernel isn’t
May 3, 2026 A new Linux kernel vulnerability, CVE-2026-31431, better known as Copy Fail, is a reminder of something backend engineers tend to underweight: your application security model is only as strong as the system it runs on. This isn’t a remote exploit. It’s a …
Tag: cybersecurity
Stop Checking admin?: Designing Authorization That Won’t Become Technical Debt (Kaigi on Rails 2025)
February 17, 2026 Modern Rails applications rarely fail because of authentication — they fail because of authorization complexity. As products grow, roles multiply, exceptions accumulate, and permission checks scatter across controllers, models, views, and frontend code. What begins as a simple current_user.admin? quickly becomes an unmaintainable web of implicit rules. At Kaigi on Rails 2025, …
🔐 Securing Your Ruby Apps with bundler-audit
June 10, 2025 In today’s world of frequent security breaches, keeping your Ruby application’s dependencies secure is non-negotiable. That’s where bundler-audit steps in—a powerful command-line tool that scans your Gemfile.lock for known vulnerabilities and insecure gem sources. 🛠 What is bundler-audit? bundler-audit checks your project for: Vulnerable versions of gems (by comparing with the ruby-advisory-db) …


