OR Avast deactivated an element in her suite that, ironically, posed a significant security risk.
According to Avast, Ormandy discovered a vulnerability that allowed remote code execution in the software, the details of which were not made public.
He also revealed that if the attackers were able to exploit any holes in his JS Avast on the victim's computer, malicious applications could run on that computer with system-admin privileges.
It should be noted that Ormandy did not reveal specific errors.
A compliment from the safety community for Avast is something very difficult lately. After the data sale scandal, the company found itself in the spotlight again when it was revealed that the AntiTrack tool contained errors which could allow man-in-the-middle attacks to monitor supposedly secure connections.