(LinuxWorld) -- The object of the game of "Chinese Whispers" is to see how a
phrase changes as it passes to several speakers. Players sit in a circle, and
the first player thinks of a phrase and whispers it into the ear of the next
player. The second player whispers it to the third, and so on, until it gets
back to the first player, who announces both starting and ending
phrases. The two versions are usually wildly different.

Are application developers, Linux vendors, and the media playing this game
when they report vulnerabilities in open source software? I think so -- what
compelled me to write this was reviewing how a recent security
vulnerability got reported.

It is essential that security vulnerabilities get reported accurately so that
affected users can make informed decisions, and so we don't get caught up in
spreading unnecessary fear, uncertainty...