How can I determine which macros to trust?
To manage the use of macros within an organisation, all macros created by users or third parties should be reviewed by an independent party to the developer and assessed to be safe before being approved for use within the organisation.
When assessing whether macros are safe or not, assessors should ask themselves the following questions:
- Is there a business requirement for a particular macro?
- Has the macro been developed or provided by a trusted party?
- Has the macro been validated by a trustworthy and technically skilled party?