Microsoft, through its TechNet Security Research & Defense blog claims that WebGL, the open 3D graphics API, is flawed. Microsoft believes that these flaws present significant security vulnerabilities. Consequently, Microsoft could not incorporate WebGL into any of its products.
Microsoft bases its position on two studies published by purportedly independent research house Context Information Security. In its findings, Context expresses concern that the way in which browsers support WebGL will expose hardware, especially video cards, to exposure and attack over the Web. Secondly, Context believes that, lacking an app similar to Windows Update, WebGL security measures may become outdated and vulnerable. Finally, Context believes that WebGL, may, in certain situations be vulnerable to a DoS attack.
Khronos Group, which has its members Google, Mozilla and Apple, and which is the open group driving WebGL, strongly disagrees with Context’s findings and Microsoft’s position.
Microsoft has good reason to push aside WebGL. The company is the developer and chief proponent of DirectX, which competes directly with WebGL. The company also has a well established track record of attempting to scare firms away from rivals by using studies which, while billed as independent, carefully select criteria to make sure Microsoft is put in the best light.
