Basically all the comments point to how amateurishly that exchange was run compared to a real online banking website.
Now how many real banks do run their website using Rails? Ruby?
You guys certainly aren't as stupid as to believe this is the latest major 0-day Rails exploit to create havoc, right?
And now come the answers containing the logical fallacy: "All languages/frameworks have security issues". Which is rubbish in that it would imply that all the languages/frameworks do offer exactly the same level of security...
While you're obviously correct to imply that languages/frameworks have different levels of security, the problem with that proposition is: how does a prospective user of the framework assess the level of security it provides?
You could argue that "big, enterprise" systems are likely to be more secure, but experience with things like Oracle databases around 8/9/10 would indicate that's not always a good measure.
You could argue (and people do) that the framework being open source is a good thing, or a bad thing.
So, absent that information, how would someone factor that into their choice of system?
Most languages are inappropriate for highly sensitive information or other critical systems. You don't see the aerospace industry putting Ruby hardware controllers into planes, nor do you see the defense industry putting classified information behind Ruby web servers.