VS Code has introduced a two-hour delay for automatic updates of extensions in response to increasing concerns about supply chain attacks and malware risks. This measure aims to provide additional time for testing and vetting of updates before they are deployed, thereby enhancing security. The update is part of a broader industry trend towards improving protection against cyber threats, particularly those exploiting vulnerabilities in software supply chains.
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
CyberSIXT Evidence Panel
Source marked as original reporting
Article by CyberSIXT