Reproducible Builds: Increasing the Integrity of Software Supply Chains


Abstract:

Although it is possible to increase confidence in free and open source software by reviewing its source code, trusting code is not the same as trusting its executable counterparts. This article examines reproducible builds, an approach that can determine whether generated binaries correspond to the original source code.
Published in: IEEE Software (Volume: 39, Issue: 2, March-April 2022)
Page(s): 62 - 70
Date of Publication: 13 April 2021

You can’t trust code that you did not totally create yourself. […] No amount of source-level verification or scrutiny will protect you from using untrusted code.
