[LocalH]

You do realize this is Microsoft we're talking about here? Not merely a couple dudes in their bedroom doing this in their spare time? I guarantee you that a non-zero percentage of the code in VSCode was paid for.

[rat9988]

Who ever paid to use the extensions marketplace?

[LocalH]

I meant on the development side, not that end users paid for anything.

[rat9988]

Then why should end users expect anything? Microsoft is already paying for developpers.

[wildzzz]

Then they can pay those developers to sandbox vscode extensions at the very least. I like using vscode sometimes but I'm sure as shit not going to use it if my work bans installing extensions due to security risks.

[CodeWriter23]

> You do realize this is Microsoft we're talking about here?

Fiscal responsibility: required

> Not merely a couple dudes in their bedroom doing this in their spare time?

Fiscal responsibility: optional

I would also point out, the malware-infested extension we are talking about presents more as the “two guys in a bedroom” model (though possibly a state-sponsored actor).