W3C to Announce New Guidelines For Disclosure Program

Posted by Christopher Levy on Feb 15, 2017 6:00:00 PM



Recently I contacted the W3C about the EFF's efforts to derail the many years of work by DRM and technology professionals to enable on-board support for DRM in the browser.

To date, EME has evolved into a standard that many media companies now rely on. Chrome, Internet Explorer, Edge, Firefox and even Safari now all support some form of EME-based DRM in their platform.

If you are not familiar with EME, here is a good article from Jan Ozer explaining how it works: http://www.streamingmedia.com/Articles/Editorial/Featured-Articles/HTML5-Comes-of-Age-Its-Finally-Time-to-Tell-Flash-Good-bye-105246.aspx

BuyDRM had posted a blog about how the EFF was trying to get the W3C to not renew the charter of the group working on EME and started a general campaign to evict DRM from popular consumer browsers. For a very limited time the EFF was able to disrupt the process and had basically stalled any momentum around EME in the browser.

We covered this in our blog post: "Cory Doctorow and the EFF want to take away your Netflix..." Frankly we had an enormous response to the post and although I can't share those comments here, it's very clear the major OEMs of DRM and their technology and media partners all shared our position about pushing back on the EFF.

I had personally taken this "push back" to another level once I was contacted by the W3C about the post and our position. I had told the W3C's rep that there needs to be a pathway whereby security researchers can legally do the research they do without breaking the law. It's clear that there was a major disconnect here between the DRM and browser vendors (there's a direct link there) and the security industry at large.

At some point the W3C made it clear it was Mr. Tim Berners-Lee's decision to make as to how to proceed. After being told this news I was introduced to a writer who was working for Ars Technica in the UK and he had asked me how I thought this impasse needed to be addressed. I made it clear that "Security Researchers need to work out a pathway whereby they can conduct legitimate research with Google, Microsoft and Apple" and "I suspect what needs to happen is Google, Apple and Microsoft need to vet and paper up said researchers and properly process them legally so they can get access to the code they need. In turn they would clearly have to abide by some rules of operation but in this model, should they be able to comply with the processes, they could "do their job" if they were hired to do so."

So it was with joyful glee that my CTO pointed out this piece today by The Register with the brutally direct title: "WTF is up with the W3C, DRM and security bods threatened – we explain" wherein the W3C announces that on March 2nd, they will roll back the curtains on a new program called "Responsible Vulnerability Disclosure".....whereby.....wait for it........:

The new guidelines due March 2 hope to break that impasse by creating a "Responsible Vulnerability Disclosure" program that would give security researchers a free pass if they disclose any holes they find (confidentially to companies at first and then after a set period of time, publicly). That leaves the door open to corporations to sue anyone who finds a security hole and produces software that bypasses protections.

I just want to publicly applaud Mr. Tim Berners-Lee for making this program a reality and taking a step in the right direction. I am clearly 100% on board with this program and I think that this will once again reaffirm that the W3C is a clear-thinking, unbiased organization that won't allow radical threats to drive its agenda. Furthermore, I believe this action will bring Google, Microsoft and Apple back to the conversation and make content owners more confident in the direction we are headed with EME.

Topics: DRM, W3C
