software supply chain

GitHub-distributed VSCode extension executed unsanctioned code

A board-level brief on the compromised VSCode extension distributed through GitHub: what it exposed, what control did not function, and what must be true.