On business adoption and use of reproducible builds for open and closed source software
2023 (English) In: Software Quality Journal, ISSN 0963-9314, E-ISSN 1573-1367, Vol. 31, no. 3, p. 687-719. Article in journal (Refereed) Published
Abstract [en]
Reproducible builds (R-Bs) are software engineering practices that reliably create bit-for-bit identical binary executable files from specified source code. R-Bs are applied in some open source software (OSS) projects and distributions to allow verification that the distributed binary has been built from the released source code. The use of R-Bs has been advocated in software maintenance and R-Bs are applied in the development of some OSS security applications. Nonetheless, industry application of R-Bs appears limited, and we seek to understand whether awareness is low or if significant technical and business reasons prevent wider adoption. Through interviews with software practitioners and business managers, this study explores the utility of applying R-Bs in businesses in the primary and secondary software sectors and the business and technical reasons supporting their adoption. We find businesses use R-Bs in the safety-critical and security domains, and R-Bs are valuable for traceability and support collaborative software development. We also found that R-Bs are valued as engineering processes and are seen as a badge of software quality, but without a tangible value proposition. There are good engineering reasons to use R-Bs in industrial software development, and the principle of establishing correspondence between source code and binary offers opportunities for the development of further applications.
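The abstract's two central claims, that a build can be made to produce bit-for-bit identical output from the same source and that a consumer can then verify a shipped binary by rebuilding it, are easiest to see on a small artifact. The following Python script is an added example written for this page; it is not code from the paper or its authors. It packages a constructed three-file source tree twice, once the way most ad-hoc packaging scripts do it and once with every non-source build input pinned, hashes both results, and then performs the consumer-side rebuild-and-compare check. The sample tree, the BUILD_INFO file and the function names are assumptions made for the demonstration; the SOURCE_DATE_EPOCH convention for pinning timestamps is the one used by reproducible-builds.org.

```python
"""Added example: test a build for reproducibility and use that property to
verify a distributed artifact. Constructed demo, not the paper's code."""
import gzip
import hashlib
import io
import os
import tarfile
import tempfile
import time

# Constructed sample "source tree" (assumption: stands in for a real checkout).
SAMPLE_SOURCE = {
    "README": b"demo project\n",
    "src/main.c": b"int main(void) { return 0; }\n",
    "src/util.c": b"int add(int a, int b) { return a + b; }\n",
}


def write_source_tree(root):
    """Materialise SAMPLE_SOURCE under root, like a fresh checkout."""
    for rel, data in SAMPLE_SOURCE.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def naive_build(src_root):
    """Typical non-reproducible packaging (kept deliberately).

    Three common sources of irreproducibility: a wall-clock build stamp inside
    the artifact, filesystem mtimes/uid/gid copied into tar headers, and the
    current time that tarfile's default 'w:gz' mode writes into the gzip header.
    """
    with open(os.path.join(src_root, "BUILD_INFO"), "wb") as f:
        f.write(b"built at %d ns\n" % time.time_ns())
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        tar.add(src_root, arcname="pkg")
    return buf.getvalue()


def reproducible_build(src_root, source_date_epoch=0):
    """Deterministic packaging of the same tree.

    Entries are added in sorted order, ownership and mode are normalised, and
    every timestamp (file mtimes, build stamp, gzip header) comes from
    SOURCE_DATE_EPOCH instead of the clock, so only the source influences output.
    """
    entries = []
    for dirpath, dirnames, filenames in os.walk(src_root):
        dirnames.sort()  # filesystem-independent traversal order
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, src_root).replace(os.sep, "/")
            with open(full, "rb") as f:
                entries.append((rel, f.read()))
    entries.append(("BUILD_INFO", b"built at %d\n" % source_date_epoch))
    entries.sort()

    tar_buf = io.BytesIO()
    with tarfile.open(fileobj=tar_buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for rel, data in entries:
            info = tarfile.TarInfo(name="pkg/" + rel)
            info.size = len(data)
            info.mtime = int(source_date_epoch)
            info.mode = 0o644
            info.uid = info.gid = 0
            info.uname = info.gname = "root"
            tar.addfile(info, io.BytesIO(data))
    out = io.BytesIO()
    # mtime= pins the gzip header; GzipFile would otherwise store time.time().
    with gzip.GzipFile(fileobj=out, mode="wb", mtime=source_date_epoch) as gz:
        gz.write(tar_buf.getvalue())
    return out.getvalue()


def check_reproducible(build_fn, runs=2):
    """Build from a fresh checkout each run and compare digests.

    Returns (all_identical, digests). A reproducible build must survive
    different directories, clocks and process state between runs.
    """
    digests = []
    for _ in range(runs):
        with tempfile.TemporaryDirectory() as root:
            write_source_tree(root)
            digests.append(sha256(build_fn(root)))
    return len(set(digests)) == 1, digests


def vendor_release(source_date_epoch=0):
    """What the vendor publishes next to the source: the artifact's digest."""
    with tempfile.TemporaryDirectory() as root:
        write_source_tree(root)
        return sha256(reproducible_build(root, source_date_epoch))


def verify_distributed_artifact(published_digest, source_date_epoch=0):
    """Consumer-side check from the abstract: rebuild the released source and
    compare with the digest of the binary the vendor shipped."""
    with tempfile.TemporaryDirectory() as root:
        write_source_tree(root)
        return sha256(reproducible_build(root, source_date_epoch)) == published_digest


if __name__ == "__main__":
    for name, fn in (("naive", naive_build), ("reproducible", reproducible_build)):
        same, digests = check_reproducible(fn)
        print(f"{name:13s} identical={same}  {digests[0][:16]}.. {digests[1][:16]}..")
```

Running the script shows the naive packaging producing two different digests from identical source, while the pinned build produces one; the verification function then succeeds only when the rebuild used the same source and the same declared build inputs (here, the same SOURCE_DATE_EPOCH), which is exactly the source-to-binary correspondence the abstract refers to. In practice the same discipline has to be applied to compilers, linkers and container images as well, which is why the paper treats R-Bs as an engineering process rather than a packaging flag.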
Place, publisher, year, edition, pages
Springer Nature Switzerland AG , 2023. Vol. 31, no 3, p. 687-719
Keywords [en]
Reproducible builds, Software integrity, Software engineering, Open source software
National Category
Software Engineering
Research subject
Software Systems Research Group (SSRG)
Identifiers
URN: urn:nbn:se:his:diva-22091
DOI: 10.1007/s11219-022-09607-z
ISI: 000889385000001
Scopus ID: 2-s2.0-85143160581
OAI: oai:DiVA.org:his-22091
DiVA, id: diva2:1714688
Funder
University of Skövde
Knowledge Foundation
Note
CC BY 4.0
Published: 29 November 2022
Simon Butler simon.butler@his.se
Correction in: Software Quality Journal. doi:10.1007/s11219-024-09664-6
Open access funding provided by University of Skövde. This research has been financially supported by the Swedish Knowledge Foundation (KK-stiftelsen) and participating partner organisations in the LIM-IT project.
© 2022 Springer Nature Switzerland AG. Part of Springer Nature.
Available from: 2022-11-30 Created: 2022-11-30 Last updated: 2024-03-15 Bibliographically approved