'Chinese Whisper' security advisories
Source: Linux World
All vendors have made mistakes at some time, and no vendor seems to be any better or worse than the others. Fortunately, these mistakes do not appear to be malicious -- just the result of a game of Chinese Whispers.
The object of the game of "Chinese Whispers" is to see how a phrase changes as it passes to several speakers. Players sit in a circle, and the first player thinks of a phrase and whispers it into the ear of the next player. The second player whispers it to the third, and so on, until it gets back to the first player, who announces both starting and ending phrases. The two versions are usually wildly different.
Are application developers, Linux vendors, and the media playing this game when they report vulnerabilities in open source software? I think so -- what compelled me to write this was reviewing how a recent security vulnerability got reported.