# Rails gets web products to market quickly

In our experience, teams using the Ruby on Rails framework can bring products to market more quickly and with a lower total cost of ownership than with other tools, because the framework itself and the surrounding community embrace a "convention over configuration" mindset. This means that one Rails app's codebase will look very similar to another Rails app's codebase, and the team will find themselves in familiar technical territory, freeing them up to focus on the product instead of wrestling with the code. There's also strong overlap between the agile and Ruby communities, which means (among other things) that Ruby developers tend to write tests, use object-oriented design, and avoid repeated code.

Maybe the greatest compliment we can pay to Rails is that we've made an existential financial commitment to it, betting the future of the company on it in 2005, and we're still here.

In return, we're proud of our contributions to the community, in particular our open source libraries and articles on our blog.

In addition to Ruby, we use other open source software and web standards such as HTML, CSS, JavaScript, UNIX, Vim, and Postgres because they:

  • Are high quality.
  • Avoid vendor lock-in.
  • Provide flexibility to switch components.
  • Work on many devices.
  • Are battle-tested.
  • Have few bugs when seen by many eyes.

Ruby on Rails comes with features that decrease the burden on the programmer to protect against security attacks such as:

  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • SQL injection
  • Header injection
  • Sensitive data in logs

Rails helps us do the right thing with regard to security, but we are still required to be diligent, knowledgeable, and test comprehensively. For more information, see the Ruby on Rails Security Guide.

Last Updated: 11/8/2022, 7:26:39 PM