Microsoft engineers reveal WebGL security woes

James Delahunty
19 Jun 2011 11:37

If you wondered why Microsoft's thrust to add more features and functionality to its Internet Explorer browser has excluded WebGL, here's an answer.
You could be forgiven to tempt an assumption that a Microsoft snub of WebGL is simply the Redmond-based giant's way of ignoring an open standard, in favor of its own proprietary Direct3D, but Microsoft engineers have put forth some real questions for the emerging standard to answer on security.

WebGL stands for Web-based Graphics Library. It provides an (OpenGL-based) API for 3D graphics within web browsers, filling part of an increasing demand for a much richer web experience for end users. Mozilla, Google and Apple have backed the technology with their browser packages, but Microsoft is not yet ready to endorse it.
Microsoft engineers analyzed WebGL and found that they cannot endorse the technology from a security perspective, finding that Microsoft products supporting WebGL would have a difficult time passing Microsoft's Security Development Lifecycle requirements.

The engineers split the problem into three main concerns with widespread use of WebGL.


Microsoft's engineers predicted that WebGL will turn out to be an on-going source of hard-to-fix vulnerabilities, and said it is not a technology that the company can endorse now from a security perspective.

"We recognize the need to provide solutions in this space however it is our goal that all such solutions are secure by design, secure by default, and secure in deployment."

More from us
Tags
Microsoft WebGL
We use cookies to improve our service.