5/6 | Breaking the Internet: The Aftermath Of Our Research
If you work in cybersecurity, and you haven’t already, it’s time you read the research we published a few weeks ago about “How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension”.
It has been a crazy few weeks since the research was published. Here are some interesting mentions, anecdotes, and numbers from the last couple of weeks.
The research was mentioned all over —
Even the actual owner of Dracula theme posted about the story —
I’ve also released ExtensionTotal, and the response from the security community has been incredible —
The use of ExtensionTotal has been growing every day.
So... Who Is Using ExtensionTotal?
ExtensionTotal has users from all over the world. Today, only a week and a half into the launch, there are thousands of users from over 150 organizations. ExtensionTotal has users from S&P 500 companies, cybersecurity companies, aviation companies, fintech companies, and much, much more. Many of these organizations require their engineers to use ExtensionTotal or automate VSCode extension risk using ExtensionTotal’s API.
ExtensionTotal is used by security teams in amazing companies —
And most amazing of all, 100% of these users are inbound. They just signed up and started using the product, even using ExtensionTotal’s API before we had a chance to get API Docs ready. The research has brought the subject to the top of the priority list for security teams inside organizations, and it shows.
I’ve gotten feature requests, suggestions, calls with intrigued users requesting to collaborate, organizations needing extra features and automation capabilities, and interest from cybersecurity companies in the product and the story.
Been one heck of a ride.
Launching ExtensionTotal’s Supporters Program
With the success of ExtensionTotal come the challenges. As more and more organizations and users use our tool, the cost of keeping it readily available gets higher. As part of our cloud-based architecture, we are focusing efforts on improving the efficiency of our resources while adding more scanners and findings to improve the accuracy of our risk assessment.
To do this well, we launched the Supporters Program, a way for us to raise funds for ExtensionTotal that will go directly to cover cloud costs.
If you want to help out and support ExtensionTotal, consider sponsoring here.
Massive shout out to the top organizations that sponsor us and help us keep ExtensionTotal available for free for our users.
So What’s Next?
We are nearing our last blog post in the series, “6/6 Uncover Hidden Risks: CISO’s Guide to Using ExtensionTotal API for Your Organization”, which concludes this journey with a guide on how to integrate ExtensionTotal with your organization.
We are grateful for all the responses, feedback, and support along this journey and hope to continue delivering more amazing security products for you in the future.
Thanks ❤️ Amit
Make sure to read the rest of our research —
1/6 | How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension
2/6 | Exposing Malicious Extensions: Shocking Statistics from the VS Code Marketplace
3/6 | A Letter to Microsoft: Uncovering Design Flaws of Visual Studio Code Extensions
4/6 | Introducing ExtensionTotal: How to Assess Risk in VS Code Extensions