Security is not an on/off switch. No useful software application is truly ultimately secure. Security risk may be managed! Your company can take sensible, commercially-viable steps to avoid being in the news with an embarrassing data breach with your name on it.
Rietta has spent more than a decade developing applications with appsec as a fundamental design requirement and more than seven years applying this exclusively in the context of Ruby on Rails applications.