I’m not so worried about any one source of trouble, but just a broad array of losers in basements looking to screw other folks up, ransomware, foreign scanners, etc. I broke my work down to real time and offline functional groups. (I do a little SW design work for a manufacturer on the side and they are moderately sensitive about their IP). I only have two machines online 24x7 ... a dedicated trade machine w good AV and cheapie surfer with nothing on it. Everything else is behind an RJ45 manual switch that air gaps the offline machines I can’t afford to get boogered ... they just get connected long enough to do a very occasional update. Not absolute protection by any stretch, but dead dumb simple, 3 min to put in place, $16 and 99.999% effective as exposure is cut from 24x7 to a few minutes a year. https://www.ebay.com/itm/CablesOnli...362709?hash=item3f046058d5:g:uw4AAOSwB4NWznA7
You consider Code an IDE? I mainly use Code for html/css/js/python, but see it more as an editor although sometimes i run py scripts using it.
IMO: If you are a target of the alphabet soup gang (FBI, CIA, NSA, DIA, etc., etc.), or the target of an individual or group with sufficient resources, possibly. (Keep in mind that the only attack vector is not VS via the cloud. The machine itself could be compromised via a different app, or physical access.) If you are not a target of the above, which I think this thread is more about, then the concern would be a rogue employee. Many here exclaim, "MS doesn't care what you're coding!" Or, "Your broker doesn't care about your trades!" Etc. It's not the company you have to be concerned about, generally; it's an employee(s). They could be criminal-minded; or they could be compromised via quid pro quo from an outside individual, group, or agency having sufficient resources. That's true, nobody cares unless you're coding something the rogue employee does care about. Suppose the employee is a would be day trader, and wants a successful system/algo/whatever. So he runs code that will search the MS cloud for VS projects containing certain keywords. You know the rest. Or suppose you've told your friend or family about your C# secret sauce. Suppose they blab this to their coworker, who happens to be connected to shady characters. In this scenario, you've, unknowingly, become a target. High tech criminals exist. Otherwise honest high tech workers can be extorted, blackmailed, compromised, threatened, lured, poached, etc. Stolen computer code helped a Tijuana-based biker gang steal 150 Jeeps https://www.chicagotribune.com/busi...-computer-code-jeep-heist-20170602-story.html Software engineer caught stealing code https://www.enterprisetimes.co.uk/2017/04/17/software-engineer-caught-stealing-code/ Goldman Sachs Programmer Found Guilty of Stealing Code https://www.wired.com/2010/12/aleynikov-guilty/ Former Tesla employee admits uploading Autopilot source code to his iCloud https://www.theverge.com/2019/7/10/...gzhi-cao-xpeng-xiaopeng-motors-lawsuit-filing
"the portion of proprietary code he took inadvertently was miniscule — just 32 of about 1,224 megabytes of code — and hardly constituted the company’s “entire platform.”"