---
name: Orange Tsai
alias: orange
nationality: tw
website: https://blog.orange.tw
twitter: orange_8361
github: orangetw
linkedin: orange-tsai-8a248643
hackerone: orange
bugcrowd: orange
cves:
  - CVE-2017-8496
  - CVE-2017-8648
  - CVE-2018-1000600
  - CVE-2018-1000861
  - CVE-2018-1999002
  - CVE-2018-1999046
  - CVE-2019-1003000
  - CVE-2019-1003001
  - CVE-2019-1003002
  - CVE-2019-11507
  - CVE-2019-11508
  - CVE-2019-11510
  - CVE-2019-11538
  - CVE-2019-11539
  - CVE-2019-11540
  - CVE-2019-11542
  - CVE-2019-13411
  - CVE-2019-13412
  - CVE-2019-15064
  - CVE-2019-15065
  - CVE-2019-15066
  - CVE-2020-15505
  - CVE-2020-15506
  - CVE-2020-15507
  - CVE-2020-29563
---
Cheng-Da Tsai, also as known as Orange Tsai, is the principal security researcher of DEVCORE and member of CHROOT security group from Taiwan. He has spoken at conferences such as Black Hat USA/ASIA, DEF CON, HITCON, HITB, Hack.lu, CODEBLUE and WooYun. He participates in numerous Capture-the-Flags (CTF), and won 2nd place in DEF CON 22/25 as team member of HITCON. Currently, he is focusing on application security and 0day research. Orange enjoys finding vulnerabilities and participating in Bug Bounty Programs. He is enthusiastic about Remote Code Execution (RCE), and uncovered RCEs in several vendors, such as Facebook, Uber, Apple, GitHub, Amazon, Netflix, Yahoo and Imgur.