Nonsensical corporate posturing.
"Microsoft will contribute expertise, resources, and AI technologies to help responsibly identify and fix vulnerabilities"
As a reminder, Microsoft runs NPM and GitHub. Microsoft has access to the best AI models and massive data centers. Despite that, their own products are rapidly getting worse at security and their services are central hubs through which various exploits are propagated. They are not making things better, they are actively and rapidly making things worse.
--
For a great example of how Microsoft deals with security issues within their own Open-Source projects, I recommend reading this GitHub thread:
https://github.com/dotnet/efcore/issues/38257
EF core currently distributes a version of SQLite that has a severe vulnerability. The issue was discovered over a year ago. It was fixed by SQLite within one week. EF core didn't mark their driver as vulnerable until a user recently reported it, got bounced around and argued with developers. The current stable version of .NET core will only get a fix in roughly two months.
> a version of SQLite that has a severe vulnerability
Calling CVE-2025-70873 a severe vulnerability is a bit overplaying it imo. The vulnerability requires that you allow an attacker to import an arbitrary ZIP file
I looked at the vulnerability in question by the way, CVE-2025-70873, and it really is not that severe unless you're allowing users to import arbitrary ZIP files
Before Microsoft, GitHub invented all of Electron just so they could create an IDE in JavaScript (lol)
But it was fun - and Electron became something totally different and useful. This is what tech innovation is all about.
Microsoft after acquiring them, instead of continuing these great projects with VSCode, instead paid for influencers to trash Electron (which worked for the most part, in 2026 most people think Electron sucks and can't say why - when WKWebView is way worse! Nobody cares).
So, MS builds VSCode - doesn't even fork Atom to do so. Looks identical to it. They built it from scratch. Bigger. Slower. Now with Copilot! I just went back to Atom (rather Pulsar, the last good fork).
I share this because it's exactly what Microsoft always does. They acquire based on opportunity and competitive space then rarely even use what they paid for. They get rid of all the good employees and the good code. They put a bunch of Indians in there who just hire other Indians and totally ruin the product.
But what gets me is EVERYONE uses their stuff still hahahah Guys. STOP USING MICROSOFT STUFF. Get off LinkedIn. Let's all go in on another VCS. Until open source developers put their money with their mouth is, Microsoft will continue to suck in more ways than one.
> So, MS builds VSCode - doesn't even fork Atom to do so. Looks identical to it. They built it from scratch. Bigger. Slower.
Someone needs to fix a memory leak here.
Atom was famously slow. Even among people using it and championing it.
VSCode totally wowed people not just because it was faster, but because it was essentially the first «real» Electron-app which proved Electron-apps could have near native performance.
You got this part 100% backwards.
> proved Electron-apps could have near native performance
I don't think that's true at all. Try running Zed or Sublime.
Also, big chunks of VSCode predated Atom. (The Monaco code editor was embedded inside IE10/11/Spartan Edge and parts of the Azure Portal and Azure Dev Ops.) Electron was the excuse to make it its own deliverable and not just only embedded inside other web projects. (Which is also why VSCode was not even a fork of Atom and easily beat Atom's performance at launch because it was already a battle hardened editor.)
> Atom was famously slow
It's your linter
And Electron apps do not have near native performance lmao Not even close. And neither does VS Code haha. Definitely slow just like Atom.
You missed the point