2025-11-08, Room 334
The integrity of software has become an increasingly critical concern in an era where digital systems underpin everything from financial transactions to critical infrastructure. Despite advancements in software security, a fundamental vulnerability remains overlooked: the lack of verifiability in how open source software is constructed from its source code.
This talk introduces the concept of reproducible builds, its technical underpinnings and its potentially transformative impact on software security and transparency. It is aimed at developers, security professionals and policy-makers who are concerned with enhancing trust and accountability in our software. It also provides a history of the Reproducible Builds project, which is approximately ten years old. How are we getting on? What have we got left to do? Aren't all the builds reproducible now?
Hi, I'm Chris Lamb (aka lamby), a 39-year-old software engineer. I am a core team member of the Reproducible Builds project, where I implement and research software supply-chain security.