The 2022 Pwnie Nominee For Best Desktop Bug

Attacking developer tools

Researcher Name: NSO Group (https://twitter.com/nsogroup)

The researchers demonstrated how unsafe developer tools can be. For example, they showed that simply cd’ing into a directory or opening a project in VSCode leads to RCE. They also demonstrated bypasses of package manager safety measures.

https://blog.sonarsource.com/securing-developer-tools-git-integrations/
https://blog.sonarsource.com/securing-developer-tools-package-managers/