Saturday, August 5, 2017

Software plugins/extensions should be part of your threat model

Over the last few months we’ve seen multiple warnings about plugins and extensions for various software packages threatening the security of users. We’ve recently seen the Copyfish and Web Developer Chrome plugins compromised and used to push malware to users.

While Chrome is likely safe and should probably not be considered a threat, perhaps your plugins should be. Plugins are developed by potentially malicious third parties. Even if your plugin developers are not themselves malicious, they have security concerns just like everyone else. And make no mistake about it: when it comes to software supply chain issues, their security is your security.

Read the full story here.

