MOUNTAIN VIEW, Calif. — Three leading browser providers debated security and other Web-related issues at the closing session of the inaugural Add-on Con conference Thursday.
They found themselves in heated agreement about security in the burgeoning market for browser add-on utility software.
During a panel discussion here about security, moderator Doug Crockford, a senior JavaScript architect at Yahoo (NASDAQ: YHOO), set up the discussion by noting how the Web and browsers are under attack by those looking to exploit any flaws they can find. Plug-ins or add-ons, are often a ripe target.
“Add-ons are attacked by software not under our control,” he said, adding, “it’s a significant risk to people basing their business on add-ons and to customers.”
Joshua Allen, a senior technical evangelist for Internet Explorer at Microsoft, agreed security is a serious issue and noted that IE, with the biggest market share, is the biggest target of attacks.
“We’ve invested heavily in security, but it’s basically an arms race. We have to continue to do a lot going forward,” he said. Allen emphasized the need to support Web standards and, perhaps surprisingly, said competition is helping. “We’re seeing much better tools for the Web and one of the factors driving this is the interoperability among multiple vendors,” said Allen.
“No one controls a big enough part of the market to have veto power.
“There are a fairly small set of [browser] players and we all pay attention to what each other does and I think you’ll see convergence where it makes sense without a formal process.”
Limiting potential risks
Google product management director Brad Rakowski, said with its Chrome
browser, Google wants to limit the potential security risks add-ons face. “It’s very important to limit the capabilities add-ons might have, that’s a little of our idea for an extension model,” he said. Rakowski said Google wants to limit the resources add-ons can use, and have it be clear what those are, to protect the browser.
Mike Shaver, vice president of engineering at Mozilla, makers of the Firefox browser, agreed on the importance of standards, particularly in established areas where developments are well understood. “I hope we won’t see a rush to codify things that are still in development,” he said.
Panelists agreed the mobile Web is ripe for growth with Apple’s iPhone leading the way as the poster child for reasonably easy access to the Web on a handheld device. Shaver warned it would be a mistake to continue efforts to develop custom mobile Web services that are significantly different than the desktop experience. “I believe the genie can’t go back in the bottle to WAP (DEFINE: WAP) and mobile silos,” he said.
Rakowski who has worked on Google’s Android mobile operating system as well as Chrome, said he has no doubt the desktop Web is the direction for mobile.
“There’s absolutely going to be more mobile Web that’s the same as the PC Web,” said Rakowski. “I’m very excited about the last six months to two years where browsers are much better on mobile devices like the iPhone and BlackBerry.”
As for the Chrome browser, Rakowski said Google wants it to be successful as it does all of its products, but also has a larger goal in mind. “From a strategic perspective we just want the Web to get better,” he said. “If we don’t get any market share but Javascript runs 20 times faster, we’re happy.”