Jean-Baptiste Kempf
It's their hobby.
It's good that they're security analyzing it, but it doesn't need a big, scary warning.
This is a critical vulnerability.
May recently also see that there was another quote-unquote vulnerability.
It wasn't Google in this case, but a filter could overflow and have an integer overflow, and one of your pixels could be the wrong color.
And this was marked high, 7.5 severity in red.
And at some point, the security industry needs to realize you can't keep crying wolf like this because this just leads to people, you know, the equivalent thereof of putting password stickers on their PC.
You know, you can't just keep crying wolf every day.
And I appreciate, you know, that their modus operandi is to create as much scare and fear.
But from the Google standpoint, at the end of the day, they need to contribute either financially or with patches.
Google uses FFmpeg at a scale probably you or I couldn't even contemplate.
Millions of CPU cores.
And yes, they contribute in areas mostly regarding their own products.
So VP9, AV1.
But in a wider sense, there's a disproportionate level of contribution.
Yes, they fund students.
Yes, they fund Summer of Code.
And I think, so Alex Strange is a former FFmpeg developer, I think posting in a personal capacity.
They are now starting to send patches, which is...