I’m been trying to locate documentation on the security procedures related to Visual Studio Gallery extensions.
I’m asking because this could be a possible vulnerability in our enterprise environment. We are doing security audits right now and this is one area that has been identified as a possibly security risk.
Is there any type of auditing process that extensions published by third parties go through?
If some malicious code was encapsulated in an extension that got pushed out, does Microsoft have the ability to remotely disable them or send a message to users to disable / uninstall the extension?