2023 (English) In: Software quality journal, ISSN 0963-9314, E-ISSN 1573-1367, Vol. 31, no 3, p. 687-719. Article in journal (Refereed), Published
Abstract [en]
Reproducible builds (R-Bs) are software engineering practices that reliably create bit-for-bit identical binary executable files from specified source code. R-Bs are applied in some open source software (OSS) projects and distributions to allow verification that the distributed binary has been built from the released source code. The use of R-Bs has been advocated in software maintenance and R-Bs are applied in the development of some OSS security applications. Nonetheless, industry application of R-Bs appears limited, and we seek to understand whether awareness is low or if significant technical and business reasons prevent wider adoption. Through interviews with software practitioners and business managers, this study explores the utility of applying R-Bs in businesses in the primary and secondary software sectors and the business and technical reasons supporting their adoption. We find businesses use R-Bs in the safety-critical and security domains, and R-Bs are valuable for traceability and support collaborative software development. We also found that R-Bs are valued as engineering processes and are seen as a badge of software quality, but without a tangible value proposition. There are good engineering reasons to use R-Bs in industrial software development, and the principle of establishing correspondence between source code and binary offers opportunities for the development of further applications.
Place, publisher, year, edition, pages
Springer Nature Switzerland AG, 2023
Keywords
Reproducible builds, Software integrity, Software engineering, Open source software
National Category
Software Engineering
Research subject
Software Systems Research Group (SSRG)
Identifiers
urn:nbn:se:his:diva-22091 (URN); 10.1007/s11219-022-09607-z (DOI); 000889385000001 (); 2-s2.0-85143160581 (Scopus ID)
Funder
University of Skövde; Knowledge Foundation
Note
CC BY 4.0
Published: 29 November 2022
Simon Butler simon.butler@his.se
Correction in: Software Quality Journal. doi:10.1007/s11219-024-09664-6
Open access funding provided by University of Skövde. This research has been financially supported by the Swedish Knowledge Foundation (KK-stiftelsen) and participating partner organisations in the LIM-IT project.
© 2022 Springer Nature Switzerland AG. Part of Springer Nature.
2022-11-30, 2022-11-30, 2024-03-15. Bibliographically approved