VSCode extensions with 9 million installs pulled over security risks
www.bleepingcomputer.com
Kid@sh.itjust.works to Cybersecurity@sh.itjust.works · English · 2 months ago · cross-posted to: asklemmy@lemmy.ml

sugar_in_your_tea@sh.itjust.works · 2 months ago
That sounds incredibly easy to enforce, why didn’t they?

Vendetta9076@sh.itjust.works · 2 months ago
Because Microsoft hates you

merthyr1831@lemmy.ml · 2 months ago
Because people will do the work for them, so why enforce their TOS when they can just say YMMV and have absolutely zero liability if someone’s extension sells your corporate code to the dark web

sugar_in_your_tea@sh.itjust.works · 2 months ago (edited)
You can still have zero liability with a simple automated check. A theme is just JSON, so if it’s in the theme category, run it through a JSON parser. That would take a bad developer a day to do.
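
Added example, not part of the thread and not Marketplace code: a Python sketch of the automated check suggested in the last comment. It goes one step further than parsing the theme files and also flags manifest entry points and bundled script files; it assumes a VSIX is a zip with its manifest at `extension/package.json`, and the function names and sample packages are constructed for illustration.

```python
import io, json, posixpath, zipfile

CODE_KEYS = ("main", "browser", "activationEvents")  # manifest keys that imply runnable code
CODE_SUFFIXES = (".js", ".mjs", ".cjs", ".node", ".wasm")

def check_theme_vsix(data: bytes) -> list[str]:
    """Return findings for a theme-category VSIX; an empty list means theme data only."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as vsix:
        try:
            manifest = json.loads(vsix.read("extension/package.json"))
        except (KeyError, ValueError) as exc:
            return [f"manifest missing or not JSON: {exc}"]
        if not isinstance(manifest, dict):
            return ["manifest is not a JSON object"]
        findings += [f"manifest declares {k!r}" for k in CODE_KEYS if manifest.get(k)]
        findings += [f"ships code file {n}" for n in vsix.namelist()
                     if n.lower().endswith(CODE_SUFFIXES)]
        for theme in manifest.get("contributes", {}).get("themes", []):
            path = posixpath.normpath(posixpath.join("extension", theme.get("path", "")))
            try:
                # Strict parse; VS Code also accepts comments in theme files, so a
                # production check would need a comment-tolerant JSON parser here.
                json.loads(vsix.read(path))
            except (KeyError, ValueError) as exc:
                findings.append(f"theme {path} missing or not JSON: {exc}")
    return findings

def build_vsix(files: dict[str, str]) -> bytes:
    """Pack path -> text into an in-memory VSIX (a zip); used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, text in files.items():
            archive.writestr(name, text)
    return buf.getvalue()

# Constructed sample packages, not real Marketplace extensions.
MANIFEST = {"name": "sample-theme", "categories": ["Themes"], "contributes": {"themes": [
    {"label": "Sample Dark", "uiTheme": "vs-dark", "path": "./themes/dark.json"}]}}
THEME = '{"name": "Sample Dark", "type": "dark", "colors": {"editor.background": "#1e1e1e"}}'
CLEAN = build_vsix({"extension/package.json": json.dumps(MANIFEST), "extension/themes/dark.json": THEME})
WITH_CODE = build_vsix({
    "extension/package.json": json.dumps({**MANIFEST, "main": "./out/extension.js", "activationEvents": ["*"]}),
    "extension/themes/dark.json": THEME,
    "extension/out/extension.js": "// constructed placeholder\n",
})

if __name__ == "__main__":
    print("clean:", check_theme_vsix(CLEAN))
    print("with code:", check_theme_vsix(WITH_CODE))
```

The clean sample returns no findings; the second sample is flagged for its `main` entry, its activation events and the bundled `.js` file even though its theme file is valid JSON.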