Reproducible Builds: Increasing the Integrity of Software Supply Chains
Chris Lamb, Stefano Zacchiroli
Abstract
Although it is possible to increase confidence in free and open source software by reviewing its source code, trusting code is not the same as trusting its executable counterparts. This article examines reproducible builds, an approach that can determine whether generated binaries correspond to the original source code.
Topics & Concepts
ExecutableComputer scienceSource codeSoftware engineeringCode reviewProgramming languageSoftwareCode (set theory)Software developmentBackportingSoftware qualitySoftware constructionOperating systemSet (abstract data type)Software Engineering ResearchAdvanced Malware Detection TechniquesScientific Computing and Data Management