Ruby Central is very excited today to announce that Samuel Giddins has joined as the organization’s first open source employee as a Security Engineer in Residence. This residency is made possible thanks to support from Amazon Web Services (AWS).
Software supply chain security has become increasingly important for companies over the past few years, due to attackers of all sizes, up to nation-state actors, exploiting supply chain vulnerabilities to breach critical secure systems. Projects like RubyGems and RubyGems.org play a crucial role in providing a secure ecosystem for millions of open source Ruby users around the world.
“The hiring of a full-time W2 employee working on open source software marks a major milestone in the growth of Ruby Central and our community. We are finding sustainable ways to write software for the community, and that’s very exciting for all of us,” said Adarsh Pandit, Ruby Central’s Executive Director.
RubyGems is a package management framework for Ruby. RubyGems.org is the Ruby community’s gem hosting service. Historically, RubyGems was staffed by volunteers, then occasionally paid contract contributors, and now regularly paid contract contributors through funding from other entities. This hire marks the first time any individual will be working full-time on RubyGems, and a new era of maturity for the Ruby package ecosystem.
“I’ve been working on RubyGems for almost a decade,” said Giddins. “I’m excited to be able to focus my full attention on combining a focus on security and user experience to help make the Ruby packaging ecosystem the most secure and easiest to use software ecosystem. Full-time work will enable me to both dig into substantial projects that are hard to tackle with scattered time, as well as develop a holistic approach to modernizing the RubyGems ecosystem’s security posture and gain community buy-in and adoption for this work.”
Giddins will spend the next year focused on improving the security posture of the Ruby packaging ecosystem, with a broad focus on making the most secure option the easiest option. His responsibilities will include evangelizing and improving accessibility of security features forRubyGems users, and pushing the RubyGems ecosystem towards adopting industry standard security frameworks (such as Sigstore, SLSA, in-toto, OIDC, webauthn, and many more acronyms).
Much of the work that Giddins will be doing will be in the open, in the RubyGems GitHub organization & the Bundler slack. He will be posting updates to rubycentral.org/news, so you can follow along there or sign up here to receive occasional updates by email.
This role wouldn’t be possible without a generous grant from AWS, the world’s most comprehensive and broadly adopted cloud.
If you want to inquire about sponsorship opportunities, please contact sponsors@rubycentral.org. Please direct media inquiries to media@rubycentral.org.