Ruby Central is excited to share that with the support of the Alpha-Omega Project, we are accelerating our Open Source Program by adding a full-time role for our Director of Open Source, Marty Haught, and renewing Samuel Giddins’ position as Security Engineer in Residence. This funding will allow them to continue and expand their work on RubyGems, RubyGems.org, Bundler, and the broader Ruby Central Open Source Program.

Marty Haught’s Expanded Leadership Role as Director of Open Source

As our Interim Open Source Lead since August 2024, Marty Haught has been instrumental in guiding our open source efforts. We are thrilled for Marty to transition from a part-time to a full-time role as Director of Open Source, where he will provide dedicated leadership for Ruby Central’s Open Source Program.

Specifically, Marty will focus on:

  • Leadership of RubyGems and Bundler teams: Marty will continue to lead the RubyGems and Bundler teams, overseeing their operations and ensuring that the core infrastructure remains secure, reliable, and adaptable to developer needs. This includes managing day-to-day operations and ensuring the health and sustainability of RubyGems.org.
  • Operationalizing security for RubyGems: Marty will build a robust security strategy, starting by overseeing the completion of a security inventory of RubyGems’ policies, systems, and services, building on the Trail of Bits security audit.
  • Building a security-minded community: Marty will spearhead the creation of a security-focused community within the Ruby ecosystem. This includes forming a security working group of Ruby committers, key gem maintainers, and enterprise customers to engage in dialogue around best practices and address security gaps.

Samuel Giddins’ Continued Role as Security Engineer in Residence

Samuel Giddins, who has served as the Security Engineer in Residence for RubyGems since December 2023, will continue to enhance the security of our open source tools and infrastructure thanks to funding from Alpha-Omega.

In 2024, Samuel made significant strides in improving RubyGems.org’s security posture, including implementing trusted publishing mechanisms and remediating critical vulnerabilities identified through security audits.

This year, Samuel will focus on:

  • Maintaining and improving supply chain security: Samuel will continue securing RubyGems.org’s supply chain by improving gem signing, advancing build provenance (extending his work on Sigstore), and ensuring that all gems are verifiable and trustworthy from source to installation.
  • Supporting secure gem installation: Samuel will work on reducing the need for compiled extensions in gems, helping to ensure that gems can be installed securely and efficiently without requiring potentially risky compilation on user machines.
  • Addressing critical security vulnerabilities: Samuel will continue to identify and remediate security risks within RubyGems.org, responding to new vulnerabilities as they emerge and enhancing the platform’s overall security infrastructure.

About Ruby Central’s Open Source Program & The Alpha-Omega Project

The mission of Ruby Central’s Open Source Program is to maintain a secure, reliable ecosystem for the Ruby programming language. Our focus is on strengthening and sustaining Ruby’s core tools—including RubyGems.org, Bundler, and other essential infrastructure—to meet the needs of developers at every level, from individual creators to teams within large tech companies.

The Alpha-Omega Project’s mission is to protect society by catalyzing sustainable security improvements to the most critical open source software projects and ecosystems. They aim to build a world where critical open source projects are secure and where security vulnerabilities are found and fixed quickly.

With Alpha-Omega’s support, Ruby Central can continue to lead the way in creating a secure and sustainable open source environment, empowering developers and organizations to build with confidence.