u/Starmonster09

▲ 2 r/CMMC

IDE Plug-ins

Hello,

I have recently started a new position wherein I am working on doing risk assessments. Recently, I had CCStudio come across my desk, which uses OpenVSX's plug-in marketplace to support its IDE environment. I hadn't really thought about it until this point, but how are these plug-ins controlled under CMMC? I'm fairly new to compliance so apologies if this seems like an obvious question.

As far as I can tell from my limited research, they wouldn't require individual assessments for every plug-in a developer may want, but we would be required to establish a list and perform regular vulnerability checks for each plug-in. Am I correct in that assumption?

If anyone has anything they can say to help, please do! Everything is greatly appreciated. Like I said, I'm new to the field, so anything is helpful for me!

u/Starmonster09 — 3 days ago