#1 Mention risks with Market Place supply chain attacks?

Open
1 jaar geleden werd geopend door dfr · 0 opmerkingen

When users are enabled with arbitrary code install they must be warned about the consequences of installing extensions without first reviewing them, especially if the extensions involves connecting with SSH to the clusters.

See this article for a general description of the risks associated with the Market Place and this one for a quantitative analysis.

When users are enabled with arbitrary code install they must be warned about the consequences of installing extensions without first reviewing them, especially if the extensions involves connecting with SSH to the clusters. See [this article](https://www.developer-tech.com/news/2023/jan/09/visual-studio-marketplace-supply-chain-attack-vector/) for a general description of the risks associated with the Market Place and [this one](https://blog.checkpoint.com/securing-the-cloud/malicious-vscode-extensions-with-more-than-45k-downloads-steal-pii-and-enable-backdoors/) for a quantitative analysis.
Sign in to join this conversation.
Geen label
Geen mijlpaal
Geen verantwoordelijke
1 deelnemers
Laden...
Annuleren
Opslaan
Er is nog geen inhoud.