Malicious VSCode extensions with millions of installs discoveredfloofloof@lemmy.ca to Programming@programming.dev – 234 points – 4 months agobleepingcomputer.com53Post a CommentPreviewYou are viewing a single commentView all commentsShow the parent commentMicrosoft doesn't have a vetting process for publishing extensions in the store. Maybe the failure is that people assume they do?Surely you mean "that Microsoft does not make it clear that they don't"?Maybe, but I think the only app store that does vet apps is the Apple one, so that should be the default expectation. And I think even they wouldn't manually look for something like this. They're mainly concerned about people breaking the commercial rules.
Microsoft doesn't have a vetting process for publishing extensions in the store. Maybe the failure is that people assume they do?Surely you mean "that Microsoft does not make it clear that they don't"?Maybe, but I think the only app store that does vet apps is the Apple one, so that should be the default expectation. And I think even they wouldn't manually look for something like this. They're mainly concerned about people breaking the commercial rules.
Surely you mean "that Microsoft does not make it clear that they don't"?Maybe, but I think the only app store that does vet apps is the Apple one, so that should be the default expectation. And I think even they wouldn't manually look for something like this. They're mainly concerned about people breaking the commercial rules.
Maybe, but I think the only app store that does vet apps is the Apple one, so that should be the default expectation. And I think even they wouldn't manually look for something like this. They're mainly concerned about people breaking the commercial rules.
Microsoft doesn't have a vetting process for publishing extensions in the store. Maybe the failure is that people assume they do?
Surely you mean "that Microsoft does not make it clear that they don't"?
Maybe, but I think the only app store that does vet apps is the Apple one, so that should be the default expectation.
And I think even they wouldn't manually look for something like this. They're mainly concerned about people breaking the commercial rules.