Beyond Trusting FOSS
Verifying with Reproducible Builds
Vagrant is a free software developer involved in the Debian project, a system administrator for an ARM build farm for Reproducible Builds, and gets thrown around repeatedly as a hobby. You can find vagrant on social networks such as the OpenPGP web of trust and the Debian Bug Tracking system!
Software released under a FOSS license and developed using a FOSS model comes with many benefits: the ability to use, study, change, and share not only the software itself, but also to engage with the community around the software in a transparent manner.
One of the strongest assertions of open-source software is that it is more secure, as many parties are able to independently inspect the code...
Most code in the modern day is distributed as precompiled binary code, indistinguishable from gibberish to even very savvy humans; this makes the binary code largely impractical to audit. Blind trust is a frightening security model!
Reproducible Builds provides a way to build trust that the binaries produced are the intended result of the source code, by making it possible for independent third-party verification of binaries to produce bit-for-bit identical binaries.
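As an added illustration (example code, not part of the talk or the Reproducible Builds project), the script below packs a constructed source tree the way a naive build does, lets two constructed "independent builders" with different clocks, uids and directory-listing order rebuild it, and shows why their artifacts differ; the normalized build sorts file order, clamps every timestamp (including the gzip header's) to SOURCE_DATE_EPOCH and fixes ownership, so both builders produce bit-for-bit identical bytes that a third party can verify against a published digest.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed sample source tree (path -> contents); dict order mimics the
# unsorted directory listing a naive build would walk.
SOURCE = {"src/main.c": b"int main(void){return 0;}\n", "README": b"hello\n"}

def _pack(files, mtime, uid, gid, gzip_mtime):
    """Write a .tar.gz; each parameter (gzip's own header timestamp included) is a
    place where the build environment leaks into the artifact."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", mtime=gzip_mtime) as gz:
        with tarfile.open(fileobj=gz, mode="w") as tar:
            for path, data in files:
                info = tarfile.TarInfo(path)
                info.size, info.mtime, info.uid, info.gid = len(data), mtime, uid, gid
                tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def naive_build(builder):
    """Unmodified build: wall-clock time, builder uid/gid and listing order all leak in."""
    files = list(SOURCE.items())
    if builder["reversed_listing"]:
        files.reverse()
    return _pack(files, builder["clock"], builder["uid"], builder["gid"], builder["clock"])

def reproducible_build(builder, source_date_epoch):
    """Normalized build: the builder's environment is ignored; files are sorted, every
    timestamp is clamped to SOURCE_DATE_EPOCH (derived from the source, e.g. the last
    commit date) and uid/gid are fixed to 0."""
    files = sorted(SOURCE.items())
    return _pack(files, source_date_epoch, 0, 0, source_date_epoch)

def digest(artifact):
    return hashlib.sha256(artifact).hexdigest()

# Two constructed independent builders with different environments.
BUILDER_A = {"clock": 1699099200, "uid": 1000, "gid": 1000, "reversed_listing": False}
BUILDER_B = {"clock": 1699185600, "uid": 1001, "gid": 100, "reversed_listing": True}
SOURCE_DATE_EPOCH = 1698796800  # constructed "last commit" timestamp shipped with the source

def naive_matches():
    """Independent naive rebuilds disagree, so a published digest proves nothing."""
    return digest(naive_build(BUILDER_A)) == digest(naive_build(BUILDER_B))

def reproducible_matches():
    """Independent normalized rebuilds are identical, so a third party can verify."""
    a = digest(reproducible_build(BUILDER_A, SOURCE_DATE_EPOCH))
    b = digest(reproducible_build(BUILDER_B, SOURCE_DATE_EPOCH))
    return a == b
```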
This talk will introduce the concepts of Reproducible Builds, including best practices for developing and releasing software, the tools available to help diagnose issues, and touch on progress towards solving decades-old deeply pervasive fundamental security issues...
Learn how to verify and demonstrate trust, rather than simply hoping everything is OK!
- 2023 November 4 - 12:00
- 20 min
- Room 4
- SeaGL 2023
- Security and Privacy