← All Tags
# supply-chain extensions

2 links tagged with all of: supply-chain + extensions

Click any tag below to further narrow down your results

+ open-vsx (1) + security (1) + vulnerability (1) + risk-management (1) + vscode (1) + software-security (1)

Links

[no-title]

The article analyzes the risks associated with supply chain vulnerabilities in the Visual Studio Code (VSCode) extension marketplaces. It highlights the potential threats to software security and integrity stemming from third-party extensions and provides insights on how developers can mitigate these risks.
Saved by tldr-importer · Last saved October 29, 2025 · 1 min read
supply-chain ✓ + risk-management + vscode + software-security extensions ✓

Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork; Putting Millions at Risk | Koi Blog

A significant vulnerability was discovered in the Open VSX marketplace, which could allow attackers to gain full control over millions of developer machines by publishing malicious updates to extensions. This flaw, rooted in a CI issue, underscores the risks associated with untrusted third-party software in development environments.
Saved by tldr-importer · Last saved October 29, 2025 · 7 min read
+ open-vsx + security + vulnerability supply-chain ✓ extensions ✓