You probably have read the latest news about WebGL security and Chrome’s native ‘applet’s’
security in general:
– http://www.theregister.co.uk/2011/05/11/chrome_firefox_security_threat/
– http://www.theregister.co.uk/2011/05/09/google_chrome_pwned/
I can give a relaxing statement about JOGL in this regard.
We don’t rely on the robustness OpenGL ARB extension, but track VBO/FBO memory usage
and validate it’s usage / range.
Sure, we may enable the robustness extension in the future as an additional
security measure, but still would not rely on it and remove our independent layer.
We rely on the client’s Java sandbox and hence it’s secure (or not) environment, of course.
If you find any possible security vulnerabilities within GlueGen, JOAL, JOGL or JOCL,
please feel free to email and discuss those with me and the team.
Cheers, Sven
PS: this is not a troll attempt 🙂