Rails gets web products to market quickly
In our experience, teams using the Ruby on Rails framework can bring products to market more quickly and with a lower total cost of ownership than with other tools, because the framework itself and its surrounding community embrace a "convention over configuration" mindset. This means that one Rails app's codebase will look very similar to another Rails app's codebase, and the team will find themselves in familiar technical territory, freeing them up to focus on the product instead of wrestling with the code. There's also strong overlap between the agile and Ruby communities, which means (among other things) that Ruby developers tend to write tests, use object-oriented design, and avoid repeated code.
Maybe the greatest compliment we can pay to Rails is that we've made an existential financial commitment to it, betting the future of the company on it in 2005, and we're still here.
In return, we're proud of our contributions to the community, in particular our open source libraries and articles on our blog, Giant Robots Smashing Into Other Giant Robots.
Because one of the benefits of Rails is the speed gained by the philosophy of convention over configuration, we stick to the built-in Rails defaults unless we have a good reason for not doing so. We capture our standard defaults and best practices in a Rails template, Suspenders. Suspenders allows us to start new apps really quickly.
In addition to Ruby, we use other open source software and web standards such as HTML, CSS, JavaScript, UNIX, Vim, and Postgres because they:
- Are high quality.
- Avoid vendor lock-in.
- Provide flexibility to switch components.
- Work on many devices.
- Are battle-tested.
- Have few bugs when seen by many eyes.
Ruby on Rails comes with features that decrease the burden on the programmer to protect against security attacks such as:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- SQL injection
- Header injection
- Sensitive data in logs
Rails helps us do the right thing with regard to security, but we are still required to be diligent, knowledgeable, and test comprehensively. For more information, see the Ruby on Rails Security Guide and our Guide to Application Security.