In our experience, teams using the Ruby on Rails
framework can bring products to market more quickly and with a lower total cost
of ownership than with other tools, because the framework itself and its surrounding
community embrace a "convention over configuration" mindset. This means that
one Rails app's codebase will look very similar to another Rails app's codebase,
and the team will find themselves in familiar technical territory, freeing them
up to focus on the product instead of wrestling with the code. There's also
strong overlap between the agile and Ruby communities, which means (among
other things) that Ruby developers tend to write tests, use object-oriented design,
and avoid repeated code.
Maybe the greatest compliment we can pay to Rails is that we've made an
existential financial commitment to it, betting the future of the company on it
in 2005, and we're still here.
In return, we're proud of our contributions to the community, in particular our
open source libraries and articles on our blog,
Giant Robots Smashing Into Other Giant Robots.
In addition to Ruby, we use other open source software and web standards such as
- Are high quality.
- Avoid vendor lock-in.
- Provide flexibility to switch components.
- Work on many devices.
- Are battle-tested.
- Have few bugs when seen by many eyes.
Ruby on Rails comes with features that decrease the burden on the programmer to
protect against security attacks such as:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- SQL injection
- Header injection
- Sensitive data in logs
Rails helps us do the right thing with regard to security, but we are still
required to be diligent, knowledgeable, and test comprehensively. For more
information, see the Ruby on Rails Security