Increasing trust in the open source supply chain with reproducible builds and functional package management
Authors: J. Malka
Venue: ICSE Doctoral Symposium 24
Preprint: https://hal.science/hal-04482192v1
Functional package managers (FPMs) and reproducible builds (R-B) are technologies and methodologies that differ conceptually from the traditional software deployment model and that have promising properties for software supply chain security. This thesis aims to evaluate the impact of FPMs and R-B on the security of the software supply chain and to propose improvements to the FPM model that further increase trust in the open source supply chain.