How we do endpoint vulnerability management at Canva.

Santiago Gutiérrez

Endpoint vulnerability management at scale

How we validate vendor security at Canva by going beyond compliance.

Kane Narraway

CJ Fairhead

Trust but test: Vendor security testing at Canva

CVEs in three strange places and the unique problem of safely processing and handling fonts.

Angus Cornall

Peter Kydas

Fonts are still a Helvetica of a Problem

Discovery and walkthrough of CVE-2023-38633 in librsvg, when two URL parser implementations (Rust and Glib) disagree on file scheme parsing leading to path traversal.

Zac Sims

When URL parsers disagree (CVE-2023-38633)

Discovery of Headless Chromium security vulnerability, how it works, and mitigations that should be applied to similar configurations

Security

Endpoint vulnerability management at scale

Trust but test: Vendor security testing at Canva

Fonts are still a Helvetica of a Problem

When URL parsers disagree (CVE-2023-38633)

Discovering Headroll (CVE-2023–0704) in Chromium