Tavis Ormandy is the guy from the Google Security Team who “makes it happend”.

He’s a researcher on the Google Security Team and faces the unpleasent responsibility of passing all googles products pass the security tests. Tavis is also an open-source contributer, working as a co-lead of the Gentoo Security Team as well. He is one of the faces that should make the Linux Gentoo distribution safe.

In September 2006, Tavis reported vulnerabilities in the gunzip decompressor on behalf of Google. Here is the link to the report made by Tavis: http://www.scary.beasts.org/security/tavis_gzip.txt

He has also discovered lot’s of other vulnerabilities such as PCRE (Perl Compitable Regular Expressions) and Perl Unicode Regular Expression buffer overflow. Links to these hacks can be found here: (PCRE) (UNICODE)

Summary: We should be glad of Tavis work since he’s making the web and the servers safer by contributing and telling the software creators before making the exploits public.

Here’s some collected links that can be interesting:
Tavis Ormandy’s blog
Secwatch profile
Milw0rm profile