Important bit is on the later slides: Issues on most codecs/parsers can be prevented by sandboxing. An exploding parser should never affect other processes, files, etc.
Seccomp (bpf version) is only available since 2012 really, but I hope more apps will start picking it up. It's pretty simple it should become a shameful thing not to use it in new apps.
You can apply the generic sandboxes to the whole process, but that's not the same as a targeted seccomp. For example, you can use one of the external jails to stop your media app from using the network, and that's great. But what if you want to stream content from the internet? Without changing the source, you can't apply the no-network rule only to the decoding part. That's what still needs work from the maintainers.
Seccomp (bpf version) is only available since 2012 really, but I hope more apps will start picking it up. It's pretty simple it should become a shameful thing not to use it in new apps.