Achieving "reproducible builds" for improved software security
23 May 2025
Award ceremony at the MSR (Mining Software Repositories) banquet at the Canadian Museum of History, Ottawa. From l. to r.: Bram Adams (MSR general chair), Julien Malka, Stefano Zacchiroli, Olga Baysal & Ayushi Rastogi (MSR programme co-chairs) – photo Roberto Di Cosmo
The Mining Software Repositories (MSR) conference is the most prestigious scientific conference on software analytics, whereby software engineering data is analysed using a mix of data science, machine learning / artificial intelligence and qualitative methodologies.
Our researchers wanted to find out whether this method works, even when applied to hundreds of thousands of software programs. They therefore tested more than 700,000 programs in a system called Nix, between 2017 and 2023.
Their experience showed that, in most cases, the software was identical during manufacture. Sometimes there were small differences, often due to dates or information added automatically during manufacture.