June 11, 2024, 10:21 a.m. | /u/amitassaraf

cybersecurity www.reddit.com

Dear r/cybersecurity,

During our research of Visual Studio Code extensions in the past few weeks, we've found an alarming amount of security design flaws that deserve the security community’s attention. The lack of a permission model, automatic silent updates, and unrestricted capabilities are just a few issues that pose a direct threat to organizations who use Visual Studio Code.

Microsoft, your amazing product is trusted by millions. Let's make it secure. 💪

Read our letter to Microsoft with the design …
