Tavis Ormandy

Tavis Ormandy is an English computer security white hat hacker. Until October 10, 2025^[1], he was employed by Google and was formerly part of Google's Project Zero team.^[2]

Ormandy is credited with discovering severe vulnerabilities in LibTIFF,^[3] Sophos' antivirus software^[4] and Microsoft Windows.^[5] With Natalie Silvanovich he discovered a severe vulnerability in FireEye products in 2015.^[6]

His findings with Sophos' products led him to write a 30-page paper entitled "Sophail: Applied attacks against Sophos Antivirus" in 2012, which concludes that the company was "working with good intentions" but is "ill-equipped to handle the output of one co-operative security researcher working in his spare time" and that its products shouldn't be used on high-value systems.^[7]

He also created an exploit in 2014 to demonstrate how a vulnerability in glibc known since 2005 could be used to gain root access on an affected machine running a 32-bit version of Fedora.^[8]

In 2016, he demonstrated multiple vulnerabilities in Trend Micro Antivirus on Windows related to the Password Manager,^[9] and vulnerabilities in Symantec security products.

In February 2017, he found and reported a critical bug in Cloudflare's infrastructure leaking user-sensitive data along with requests affecting millions of websites around the world which has been referred to as Cloudbleed (in reference to the Heartbleed bug that Google co-discovered).^[10]

On or around May 15, 2023, he found and reported a vulnerability called Zenbleed (CVE-2023-20593) affecting all Zen 2 class processors.

In September 2024, he was involved in discovering a microcode vulnerability affecting certain AMD Zen based processors.^[11][12][13] (CVE-2024-56161)

• Tavis Ormandy publications indexed by Google Scholar
• "Sophail: Applied attacks against Sophos Antivirus" - Ormandy's paper on insecurities in Sophos products
• Taviso on GitHub

Lua error in Module:Authority_control at line 153: attempt to index field 'wikibase' (a nil value).