VS Code Marketplace security model is broken. How should the developer tooling trust model actually work in 2026. - anyone else

Started by BlackMamba, May 23, 2026, 06:46 PM


BlackMamba

The TeamPCP attack on Nx Console 18.95.0 spent exactly 18 minutes on the Visual Studio Marketplace before being removed. In that time it compromised GitHub, OpenAI, Grafana, and Mistral AI. The attack did not require sophisticated social engineering or zero-day exploits. It exploited the implicit trust developers place in verified publisher badges on official marketplaces.

This is not the first marketplace-based supply chain attack. It will not be the last. The question the security community is asking is whether the current model of automated publisher verification with post-hoc removal is structurally adequate for a threat landscape where 18 minutes of access is sufficient to breach the world's largest code repository.

TeamPCP Strikes (again): How a Trojan VS Code Extension Brought Down GitHub
Be excellent to each other

TheGame

Automated verification with post-hoc removal was designed for a threat model where attacks were slow. The current threat model assumes attacks complete in minutes. The security model predates the threat.

ProperMadlad20

The Nx team's fix of requiring two admin approvals for releases is the right immediate response. The deeper question is whether Microsoft's marketplace should require the same for any verified publisher.

TheRock

18 minutes is a shorter window than most security teams can respond to any alert, let alone verify, escalate, and remediate. The human response cycle is structurally too slow for this attack pattern.

Sequence

The trusted publisher badge is the cognitive shortcut that the attack exploited. Developers have been trained to trust the badge. That training is now a vulnerability.

ProperJobs

Sandboxed extension execution, code signing with hardware keys, and mandatory source publication would all raise the bar. None of them are in place for VS Code extensions currently.
YNWA.

Vanessa26

The argument for a staged rollout model where new extension versions go to a percentage of users first before full release would catch this kind of attack before full distribution.

Warden

npm, PyPI, and now VS Code Marketplace have all been successfully attacked through supply chain vectors in 2026. The pattern suggests a fundamental problem with how open source package ecosystems are governed.

Finley_19

Microsoft has the resources and the motivation to fix this. GitHub being one of the breach victims gives them a personal reason beyond responsibility to their developer community.
It's only banter... mostly

Leo

The attack model requiring trust is the insight that security teams need to communicate upward. You cannot train developers to be suspicious of everything they install because that creates a different kind of operational dysfunction.