Audience question after the talk: how did/would the speaker protect the system against ffmpeg vulnerabilities? Answer: in the proof-of-concept they didn't, because videos came from the client's customers; today the speaker would isolate the ffmpeg process and restrict its access to the rest of the system. Back then ffmpeg's ability to compromise a server wasn't as widely known.