The graphics library is supposed to bring 3D graphics to the browser, but Microsoft says it's insecure. Do they have a point? Microsoft caused a stir last week when it posted a lengthy discourse on why it would not support WebGL, a new software library that extends JavaScript to allow 3D interactive graphics in a browser. Every other major browser will support it — Mozilla Firefox, Google Chrome, Apple Safari and even Opera, the stripped-down, basic browser, will support WebGL. But Microsoft said no, and it didn’t come from the developer group, it came from the Microsoft Security Research Center group.The reason cited was that Microsoft products supporting WebGL would have trouble passing Microsoft’s internal Security Development Lifecycle requirements. Microsoft cited three specific problems: Browser support for WebGL directly exposes hardware functionality to the Web in a way that it considered to be overly permissive; browser support for WebGL security services relies too heavily on third parties to secure the Web experience; and there are problematic system DoS scenarios. The first complaint is probably the biggest. Video drivers are notoriously buggy. Nvidia and AMD are constantly releasing new drivers, sometimes just days apart from a previous release. True story: AMD released new Radeon drivers on June 15, and when I installed the drivers, the installation partly failed. Ten minutes after installing the drivers, my system froze for the first time in months. Microsoft wouldn’t be able to control flaws in drivers exposed to Windows through WebGL without seriously impacting the system. Microsoft’s only alternative would be to block and/or disable those drivers with known exploits, which would cause all kinds of user problems, and guess who’d take the blame for it?Some bloggers, especially the anything-but-Microsoft crowd, were quick to accuse the company of going back to its not-invented-here mentality, but Microsoft has long shed that mentality. It’s hard to make that argument when developers right now are fretting that Microsoft will abandon .Net and Silverlight in favor of HTML 5 in Windows 8. Microsoft’s position was buttressed a little by Context Information Security, a software security firm in the UK, which had pointed out similar arguments almost a month before Microsoft did.Mike Shaver, Mozilla’s vice president of technical strategy, responded to Microsoft in a blog post that Mozilla is working to address weaknesses as noted by Microsoft, and then pointed out that Silverlight 5 is attempting to do the same things as WebGL and thus has the same vulnerabilities.Circling back to the point I made earlier about Nvidia and Vista, we’re often quick to blame Microsoft for problems when it actually isn’t within their domain. In recent years, there has been a major effort to harden the operating system and browser, and Shaver noted in his blog that the Vista/7 display driver model is much improved. The people who need to make a security effort now are the GPU vendors. Related content news Pure Storage adds AI features for security and performance Updated infrastructure-as-code management capabilities and expanded SLAs are among the new features from Pure Storage. By Andy Patrizio Jun 26, 2024 3 mins Enterprise Storage Data Center news Nvidia teases next-generation Rubin platform, shares physical AI vision ‘I'm not sure yet whether I'm going to regret this or not,' said Nvidia CEO Jensen Huang as he revealed 2026 plans for the company’s Rubin GPU platform. By Andy Patrizio Jun 17, 2024 4 mins CPUs and Processors Data Center news Intel launches sixth-generation Xeon processor line With the new generation chips, Intel is putting an emphasis on energy efficiency. By Andy Patrizio Jun 06, 2024 3 mins CPUs and Processors Data Center news AMD updates Instinct data center GPU line Unveiled at Computex 2024. the new AI processing card from AMD will come with much more high-bandwidth memory than its predecessor. By Andy Patrizio Jun 04, 2024 3 mins CPUs and Processors Data Center PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe