Reproducible Builds: Increasing the Integrity of Software Supply Chains

Chris Lamb; Stefano Zacchiroli

doi:10.1109/MS.2021.3073045

Reproducible Builds: Increasing the Integrity of Software Supply Chains

Chris Lamb
, Stefano Zacchiroli

Résultats de recherche: Contribution à un journal › Article › Revue par des pairs

Résumé

Although it is possible to increase confidence in free and open source software by reviewing its source code, trusting code is not the same as trusting its executable counterparts. This article examines reproducible builds, an approach that can determine whether generated binaries correspond to the original source code.

langue originale	Anglais
Pages (de - à)	62-70
Nombre de pages	9
journal	IEEE Software
Volume	39
Numéro de publication	2
Les DOIs	https://doi.org/10.1109/MS.2021.3073045
état	Publié - 1 janv. 2022
Modification externe	Oui

Accès au document

10.1109/MS.2021.3073045

Autres fichiers et liens

Lien vers la publication dans Scopus

Contient cette citation

@article{b99c0ed4c2fb42dd87c15979e4443e0e,

title = "Reproducible Builds: Increasing the Integrity of Software Supply Chains",

abstract = "Although it is possible to increase confidence in free and open source software by reviewing its source code, trusting code is not the same as trusting its executable counterparts. This article examines reproducible builds, an approach that can determine whether generated binaries correspond to the original source code.",

author = "Chris Lamb and Stefano Zacchiroli",

note = "Publisher Copyright: {\textcopyright} 1984-2012 IEEE.",

year = "2022",

month = jan,

day = "1",

doi = "10.1109/MS.2021.3073045",

language = "English",

volume = "39",

pages = "62--70",

journal = "IEEE Software",

issn = "0740-7459",

number = "2",

}

TY - JOUR

T1 - Reproducible Builds

T2 - Increasing the Integrity of Software Supply Chains

AU - Lamb, Chris

AU - Zacchiroli, Stefano

PY - 2022/1/1

Y1 - 2022/1/1

N2 - Although it is possible to increase confidence in free and open source software by reviewing its source code, trusting code is not the same as trusting its executable counterparts. This article examines reproducible builds, an approach that can determine whether generated binaries correspond to the original source code.

AB - Although it is possible to increase confidence in free and open source software by reviewing its source code, trusting code is not the same as trusting its executable counterparts. This article examines reproducible builds, an approach that can determine whether generated binaries correspond to the original source code.

UR - https://www.scopus.com/pages/publications/85104254005

U2 - 10.1109/MS.2021.3073045

DO - 10.1109/MS.2021.3073045

M3 - Article

AN - SCOPUS:85104254005

SN - 0740-7459

VL - 39

SP - 62

EP - 70

JO - IEEE Software

JF - IEEE Software

IS - 2

ER -

Reproducible Builds: Increasing the Integrity of Software Supply Chains

Résumé

Accès au document

Autres fichiers et liens

Empreinte digitale

Contient cette citation