Hi, I'm with <a href="http://rubysec.github.com/" rel="nofollow">http://rubysec.github.com/</a><p>We maintain a freely available advisory database <a href="https://github.com/rubysec/ruby-advisory-db/" rel="nofollow">https://github.com/rubysec/ruby-advisory-db/</a> designed to be easily machine readable.<p>We also maintain a free ruby-wide security announcement mailing list: <a href="https://groups.google.com/forum/?fromgroups#!forum/rubysec-announce" rel="nofollow">https://groups.google.com/forum/?fromgroups#!forum/rubysec-a...</a><p>The rubysec-advisory-db is meant to power discovery tools such as <a href="https://github.com/postmodern/bundler-audit" rel="nofollow">https://github.com/postmodern/bundler-audit</a> (from which it was originally extracted) or <a href="https://gemcanary.com" rel="nofollow">https://gemcanary.com</a> (it bears mentioning that my company made it). I'm pretty sure it will be used in codeclimate's upcoming security monitor <a href="https://codeclimate.com/security-monitor" rel="nofollow">https://codeclimate.com/security-monitor</a> given that Bryan is a regular contributor.<p>If you're interested in security, please consider checking us out. Most of rubysec is composed of security professionals, and we're all interested in improving the ecosystem-at-large. Submit issues against the advisory or simply fork it <a href="https://github.com/rubysec/ruby-advisory-db/" rel="nofollow">https://github.com/rubysec/ruby-advisory-db/</a><p>Regards and apologies for slightly hijacking the thread.