Accueil Explorer Aide
Connexion
pbarriat
/
learning-vscode
1
0
Fork 0
Fichiers Tickets 2 Pull Requests 0 Wiki
Étiquettes Jalons
Nouveau ticket

#1 Mention risks with Market Place supply chain attacks?

Ouvert
Créé il y a 2 ans par dfr · 0 commentaires
François Damien a commenté il y a 2 ans

When users are enabled with arbitrary code install they must be warned about the consequences of installing extensions without first reviewing them, especially if the extensions involves connecting with SSH to the clusters.

See this article for a general description of the risks associated with the Market Place and this one for a quantitative analysis.

When users are enabled with arbitrary code install they must be warned about the consequences of installing extensions without first reviewing them, especially if the extensions involves connecting with SSH to the clusters. See [this article](https://www.developer-tech.com/news/2023/jan/09/visual-studio-marketplace-supply-chain-attack-vector/) for a general description of the risks associated with the Market Place and [this one](https://blog.checkpoint.com/securing-the-cloud/malicious-vscode-extensions-with-more-than-45k-downloads-steal-pii-and-enable-backdoors/) for a quantitative analysis.
Connectez-vous pour rejoindre cette conversation.
Étiquettes
Effacer les étiquettes
Pas d'étiquette
Jalon
Effacer le jalon
Aucun jalon
Affecté à
Supprimer les assignataires
Pas d'assignataire
1 Participants
Écrire Prévisualiser
Chargement…
Annuler
Enregistrer
Il n'existe pas encore de contenu.