Högskolan i Skövde

his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
On business adoption and use of reproducible builds for open and closed source software
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Software Systems Research Group (SSRG))ORCID iD: 0000-0002-6215-3753
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Software Systems Research Group (SSRG))ORCID iD: 0000-0003-2700-2535
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Software Systems Research Group (SSRG))ORCID iD: 0000-0002-2825-135X
Combitech AB, Linköping, Sweden.ORCID iD: 0000-0002-2161-164X
Show others and affiliations
2023 (English)In: Software quality journal, ISSN 0963-9314, E-ISSN 1573-1367, Vol. 31, no 3, p. 687-719Article in journal (Refereed) Published
Abstract [en]

Reproducible builds (R-Bs) are software engineering practices that reliably create bit-for-bit identical binary executable files from specified source code. R-Bs are applied in someopen source software (OSS) projects and distributions to allow verification that the distrib-uted binary has been built from the released source code. The use of R-Bs has been advo-cated in software maintenance and R-Bs are applied in the development of some OSS secu-rity applications. Nonetheless, industry application of R-Bs appears limited, and we seekto understand whether awareness is low or if significant technical and business reasonsprevent wider adoption. Through interviews with software practitioners and business man-agers, this study explores the utility of applying R-Bs in businesses in the primary and sec-ondary software sectors and the business and technical reasons supporting their adoption.We find businesses use R-Bs in the safety-critical and security domains, and R-Bs are valu-able for traceability and support collaborative software development. We also found thatR-Bs are valued as engineering processes and are seen as a badge of software quality, butwithout a tangible value proposition. There are good engineering reasons to use R-Bs inindustrial software development, and the principle of establishing correspondence betweensource code and binary offers opportunities for the development of further applications.

Place, publisher, year, edition, pages
Springer Nature Switzerland AG , 2023. Vol. 31, no 3, p. 687-719
Keywords [en]
Reproducible builds, Software integrity, Software engineering, Open source software
National Category
Software Engineering
Research subject
Software Systems Research Group (SSRG)
Identifiers
URN: urn:nbn:se:his:diva-22091DOI: 10.1007/s11219-022-09607-zISI: 000889385000001Scopus ID: 2-s2.0-85143160581OAI: oai:DiVA.org:his-22091DiVA, id: diva2:1714688
Funder
University of SkövdeKnowledge Foundation
Note

CC BY 4.0

Published: 29 November 2022

Simon Butler simon.butler@his.se

Correction in: Software Quality Journal. doi:10.1007/s11219-024-09664-6

Open access funding provided by University of Skövde. This research has been financially supported by the Swedish Knowledge Foundation (KK-stiftelsen) and participating partner organisations in the LIM-IT project.

© 2022 Springer Nature Switzerland AG. Part of Springer Nature.

Available from: 2022-11-30 Created: 2022-11-30 Last updated: 2024-03-15Bibliographically approved

Open Access in DiVA

fulltext(1518 kB)21 downloads
File information
File name FULLTEXT03.pdfFile size 1518 kBChecksum SHA-512
918722cdae4d5f1380d6f6c5a396d8f54da0d1c6189d522f15eb02b1793a1461d8e8121ea58e708ce6471e0fb491bc1b47a53f5c8054a61fd5aa72f075ac13ee
Type fulltextMimetype application/pdf

Other links

Publisher's full textScopusRelated item: Correction to: On business adoption and use of reproducible builds for open and closed source software. doi:10.1007/s11219-024-09664-6

Authority records

Butler, SimonGamalielsson, JonasLundell, BjörnBrax, ChristofferMattsson, Anders

Search in DiVA

By author/editor
Butler, SimonGamalielsson, JonasLundell, BjörnBrax, ChristofferMattsson, AndersGustavsson, TomasFeist, JonasLönroth, Erik
By organisation
School of InformaticsInformatics Research Environment
In the same journal
Software quality journal
Software Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 145 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 234 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf