Rails gets web products to market quickly
In our experience, teams using the Ruby on Rails framework can bring products to market more quickly and with a lower total cost of ownership than with other tools, because the framework itself and the surrounding community embrace a "convention over configuration" mindset. This means that one Rails app's codebase will look very similar to another Rails app's codebase, and the team will find themselves in familiar technical territory, freeing them up to focus on the product instead of wrestling with the code. There's also strong overlap between the agile and Ruby communities, which means (among other things) that Ruby developers tend to write tests, use object-oriented design, and avoid repeated code.
Maybe the greatest compliment we can pay to Rails is that we've made an existential financial commitment to it, betting the future of the company on it, and we are still here.
In addition to Ruby, we use other open source software and web standards such as HTML, CSS, JavaScript, UNIX, Vim, and Postgres because they:
- Are high quality.
- Avoid vendor lock-in.
- Provide flexibility to switch components.
- Work on many devices.
- Are battle-tested.
- Have few bugs when seen by many eyes.
Ruby on Rails comes with features that reduce the programmer's burden of protecting against security problems such as:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- SQL injection
- Header injection
- Sensitive data in logs
Rails helps us do the right thing with regard to security, but we are still required to be diligent and knowledgeable, and to test comprehensively. For more information, see the Ruby on Rails Security Guide.