You can’t trust code that you did not totally create yourself. […] No amount of source-level verification or scrutiny will protect you from using untrusted code.
Abstract:
Although it is possible to increase confidence in free and open source software by reviewing its source code, trusting code is not the same as trusting its executable counterparts. This article examines reproducible builds, an approach that can determine whether generated binaries correspond to the original source code.
Published in: IEEE Software (Volume: 39, Issue: 2, March-April 2022)