UntrustIDE: Exploiting Weaknesses in VS Code Extensions
Elizabeth Lin
Network and Distributed System Security (NDSS) Symposium 2024 · Day 2 · Software Security
In an era where the software supply chain faces relentless attack, developer Integrated Development Environments (IDEs) have emerged as a critical, yet often overlooked, target. The talk "UntrustIDE: Exploiting Weaknesses in VS Code Extensions" by Elizabeth Lin at the NDSS Symposium sheds light on the systemic vulnerabilities present in Visual Studio Code (VS Code) extensions. VS Code, a dominant force in the developer ecosystem with over 74% market share according to the 2022 Stack Overflow survey, owes much of its popularity to its vast and rapidly expanding extension marketplace, which grew from 39,000 to over 47,000 extensions in just nine months.