Vs Code Extensions

It's not just the code that gets deployed to prod but it's the extensions that are in things like VS Code. I start thinking as an attacker how interesting would it be to be able to take an extension that gets injected to a developer's machine which then would could give me a foothold on their machine and get access to their source code. This is where we're going to see more of these kind of attacks because people don't think about what they do when they deploy software. You've got this inherent trust in the ecosystem and that is exactly how a state actor would want to leverage that. It's hard because everyone can think like an attacker from a point of view and you have to