We have been witnessing an ever-growing number of supply chain security incidents in the wild: everything from open source package manager security flaws being exploited, to continuous integration systems being compromised, to software artifacts being backdoored. And now, those incidents are starting to extend to the place where developers spend most of their time: their integrated development environment, and specifically the Visual Studio Code IDE.

Intro: A vulnerable Visual Studio Code Extensions Marketplace.
Setting the stage: The impact of vulnerable Visual Studio Code extensions on developers.
Proof of concept exploitation: Attacking Visual Studio Code extensions.
Security research disclosure: Snyk releases Visual Studio Code supply chain security research findings.
What can we do about it? Mitigating VS Code extensions security concerns.

Until recently, no security vulnerabilities had been discovered in VS Code extensions, creating a sense of security for millions of developers.