
Related papers: Towards Build Verifiability for Java-based Systems

200 papers

The increasing complexity of software supply chains and the rise of supply chain attacks have elevated concerns around software integrity. Users and stakeholders face significant challenges in validating that a given software artifact…

Software Engineering · Computer Science · 2025-11-12 · Aman Sharma, Benoit Baudry, Martin Monperrus

Researchers, students and practitioners often encounter a situation when the build process of a third-party software system fails. In this paper, we aim to confirm this observation present mainly as anecdotal evidence so far. Using a…

Software Engineering · Computer Science · 2017-12-05 · Matúš Sulír, Jaroslav Porubän

In this paper we present attestable builds, a new paradigm to provide strong source-to-binary correspondence in software artifacts. We tackle the challenge of opaque build pipelines that disconnect the trust between source code, which can…

Cryptography and Security · Computer Science · 2025-10-27 · Daniel Hugenroth, Mario Lins, René Mayrhofer, Alastair Beresford

Although it is possible to increase confidence in Free and Open Source Software (FOSS) by reviewing its source code, trusting code is not the same as trusting its executable counterparts. These are typically built and distributed by…

Software Engineering · Computer Science · 2021-04-14 · Chris Lamb, Stefano Zacchiroli

Incremental and parallel builds are crucial features of modern build systems. Parallelism enables fast builds by running independent tasks simultaneously, while incrementality saves time and computing resources by processing the build…

Software Engineering · Computer Science · 2023-12-05 · Thodoris Sotiropoulos, Stefanos Chaliasos, Dimitris Mitropoulos, Diomidis Spinellis

Most businesses rely on a significant stack of software to perform their daily operations. This software is business-critical as defects in this software have major impacts on revenue and customer satisfaction. The primary means for…

Software Engineering · Computer Science · 2020-11-03 · Peter Schrammel

VeriFast is a prototype tool based on separation logic for modular verification of C and Java programs. We are in the process of adding support for C++. In this report, we describe the features of C++ for which we added support so far, as…

Logic in Computer Science · Computer Science · 2022-12-29 · Niels Mommen, Bart Jacobs

In response to challenges in software supply chain security, several organisations have created infrastructures to independently build commodity open source projects and release the resulting binaries. Build platform variability can…

Cryptography and Security · Computer Science · 2025-04-10 · Jens Dietrich, Tim White, Behnaz Hassanshahi, Paddy Krishnan

Critical software systems face stringent requirements in safety, security, and reliability due to the circumstances surrounding their operation. Safety and security have progressively gained importance over the years due to the integration…

Software Engineering · Computer Science · 2015-12-16 · Julio Escribano-Barreno, Marisol García-Valls

Software ecosystems like Maven Central play a crucial role in modern software supply chains by providing repositories for libraries and build plugins. However, the separation between binaries and their corresponding source code in Maven…

Cryptography and Security · Computer Science · 2025-09-11 · Behnaz Hassanshahi, Trong Nhan Mai, Benjamin Selwyn Smith, Nicholas Allen

Large repositories of source code for research tend to limit their utility to static analysis of the code, as they give no guarantees on whether the projects are compilable, much less runnable in any way. The immediate consequence of the…

Software Engineering · Computer Science · 2018-04-13 · Pedro Martins, Rohan Achar, Cristina V. Lopes

The current verification flow of complex systems uses different engines synergistically: virtual prototyping, formal verification, simulation, emulation and FPGA prototyping. However, none is able to verify a complete architecture.…

Logic in Computer Science · Computer Science · 2018-02-12 · Tomas Grimm, Djones Lettnin, Michael Hübner

Rebuilding packages from open source is a common practice to improve the security of software supply chains, and is now done at an industrial scale. The basic principle is to acquire the source code used to build a package published in a…

Software Engineering · Computer Science · 2026-02-24 · Jens Dietrich, Behnaz Hassanshahi

Proponents of software verification have argued that simpler code is easier to verify: that is, that verification tools issue fewer false positives and require less human intervention when analyzing simpler code. We empirically validate…

Software Engineering · Computer Science · 2023-11-01 · Kobi Feldman, Martin Kellogg, Oscar Chaparro

Reproducible builds are a set of software development practices that establish an independently verifiable path from source code to binary artifacts, helping to detect and mitigate certain classes of supply chain attacks. Although quantum…

Quantum Physics · Physics · 2025-10-03 · Iyán Méndez Veiga, Esther Hänggi

This study investigates vulnerabilities in dependencies of sampled open-source software (OSS) projects, the relationship between these and overall project security, and how developers' behaviors and practices influence their mitigation.…

Cryptography and Security · Computer Science · 2024-08-27 · Janislley Oliveira de Sousa, Bruno Carvalho de Farias, Eddie Batista de Lima Filho, Lucas Carvalho Cordeiro

Supply chain attacks have emerged as a prominent cybersecurity threat in recent years. Reproducible and bootstrappable builds have the potential to reduce such attacks significantly. In combination with independent, exhaustive and periodic…

Cryptography and Security · Computer Science · 2025-05-29 · Joshua Drexel, Esther Hänggi, Iyán Méndez Veiga

Verifying that a compiled binary originates from its claimed source code is a fundamental security requirement, called source code provenance. Achieving verifiable source code provenance in practice remains challenging. The most popular…

Software Engineering · Computer Science · 2026-02-13 · Javier Ron, Martin Monperrus

The technology of formal software verification has made spectacular advances, but how much does it actually benefit the development of practical software? Considerable disagreement remains about the practicality of building systems with…

Software Engineering · Computer Science · 2026-01-21 · Li Huang, Sophie Ebersold, Alexander Kogtenkov, Bertrand Meyer, Yinling Liu

Context: Downloading the source code of open-source Java projects and building them on a local computer using Maven, Gradle, or Ant is a common activity performed by researchers and practitioners. Multiple studies so far found that about…

Software Engineering · Computer Science · 2024-08-22 · Matúš Sulír, Jaroslav Porubän, Sergej Chodarev