Comment by leshenka

> extensively VBA is used in today's Excel

Very.

Although I don't believe it's being used for greenfield hacks as much now, the world largely still runs on workbooks & apps built in Excel + VBA years and years ago. There are entire supply chains that likely run on this built by some analyst a decade or more ago. It remains by far the largest source of Shadow IT there is, and there isn't enough dev time or appetite to untangle these monstrosities into actual apps.

They aren't sandboxed because that would remove the usefulness. The reason VBA+Excel got its tentacles into everything is precisely because its not sandboxed. Anything the user can access is fair game, including network shares, SQL, and Win32 calls.

My first exposure to professional programming was writing VBA and SQL (yes, together) at a massive manufacturing facility that had really old equipment. Now with AI it's much easier to replace the code but VBA still has a stranglehold on legacy systems.

I'm not at liberty to talk more about the details, but last year I worked on a project to modernize a process that critically relied on a VBA macro to handle billions (yes, with a B).

> they run in such a sandbox

What makes them interesting is that they can talk with the outside world: API calls, databases, the terminal named after a former Democratic primary candidate...

The world lives on Excel macros. The amount of “shadow it” where the business logic allowing big businesses to run is encoded is unfathomable.

https://www.incometax.gov.in/iec/foportal/downloads/income-t...

You need a genuine licensed excel to run the file and prepare returns. Thankfully you can file same returns online on the portal for free so they get a safe pass that way.