Tavis Ormandy



Photo of Tavis

Hello, my name is Tavis Ormandy. I’m a vulnerability researcher with Google Project Zero. I’m originally from England, but I currently live in the San Francisco Bay Area.

You’re probably interested in some of my vulnerability research, or perhaps some code I’ve written.

I sometimes write about technical topics on my blog, but it probably hasn’t been updated recently. I sometimes tweet about what I’m working on.


January 2023
November 2022
August 2022
July 2022
May 2022
June 2021
February 2021
December 2020
November 2020
October 2020


There was a bug in early Pentiums called the f00f bug: giving cmpxchg8b an invalid operand while using the lock prefix would deadlock the processor. It was an important vulnerability at the time, and I thought it would be fun to own lock.cmpxchg8b.com.
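The instruction behind the f00f bug, as an added example that is not from this page or its author: a small C probe, written for this edit, that executes the four bytes F0 0F C7 C8 (lock cmpxchg8b with a register operand, which the instruction does not accept) under a SIGILL handler. On a vulnerable Pentium those bytes lock the bus while the CPU tries to raise #UD and the machine hangs; any fixed x86 CPU simply raises #UD, which the OS delivers as SIGILL, and the probe reports that. It assumes a POSIX system with a GCC- or Clang-compatible compiler, and skips itself when not built for x86. The function name f00f_probe and the array f00f_bytes are this example's own.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>

/* The f00f encoding, kept here for reference (constructed for this example):
 *   F0       LOCK prefix
 *   0F C7 /1 CMPXCHG8B
 *   C8       ModRM: mod=11 (register), reg=001 (/1), rm=000 ("eax")
 * CMPXCHG8B only accepts a memory operand, so this instruction is invalid.
 * Vulnerable Pentiums asserted LOCK# before delivering #UD and hung; fixed
 * CPUs raise #UD, which Linux and the BSDs report as SIGILL. */
static const unsigned char f00f_bytes[] = { 0xF0, 0x0F, 0xC7, 0xC8 };

static sigjmp_buf recover;
static volatile sig_atomic_t got_sigill;

static void on_sigill(int signo)
{
    (void)signo;
    got_sigill = 1;
    /* siglongjmp restores the signal mask saved by sigsetjmp(..., 1). */
    siglongjmp(recover, 1);
}

/* Returns 1 if the CPU rejected the instruction (SIGILL was delivered),
 * 0 if it somehow executed without trapping (not expected on any x86 CPU),
 * and -1 when the probe is not built for x86 and is skipped. */
int f00f_probe(void)
{
#if defined(__i386__) || defined(__x86_64__)
    struct sigaction sa, old;

    sa.sa_handler = on_sigill;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    if (sigaction(SIGILL, &sa, &old) != 0)
        return -1;

    got_sigill = 0;
    if (sigsetjmp(recover, 1) == 0) {
        /* Execute the raw bytes rather than a mnemonic so the assembler
         * cannot refuse the (deliberately invalid) operand. */
        __asm__ __volatile__(".byte 0xf0, 0x0f, 0xc7, 0xc8" ::: "memory");
    }

    sigaction(SIGILL, &old, NULL);
    return got_sigill ? 1 : 0;
#else
    return -1;
#endif
}

int main(void)
{
    size_t i;
    int r;

    printf("f00f encoding:");
    for (i = 0; i < sizeof f00f_bytes; i++)
        printf(" %02X", f00f_bytes[i]);
    printf("\n");

    r = f00f_probe();
    if (r == 1)
        printf("CPU raised #UD (SIGILL): not affected by f00f\n");
    else if (r == 0)
        printf("instruction executed without trapping (unexpected)\n");
    else
        printf("probe skipped: not built for x86\n");
    return 0;
}
```

Do not run this on an unpatched original Pentium: the whole point of the bug is that the machine stops responding, and the SIGILL handler never gets a chance to run there. Later Pentiums and every subsequent x86 CPU decode the same bytes as an ordinary invalid opcode.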

I think I’m most proud of the KiTrap0D bug, MS10-015. I believe the root cause was Intel changing the x86 spec in the 90s but not publishing any errata. The code was actually correct when it was written, but over the years x86 changed and that introduced a vulnerability!

For many years, if you typed getsystem in Metasploit, it used this bug.


Feel free to email me at .