
Breaking the Chains of Trusting Trust: Reproducible Builds and More!

FOSSY 2023

Corrupted build environments can deliver compromised, cryptographically signed binaries. Several exploits of critical supply chains have been demonstrated in recent years, proving that this is not just theoretical. Even the best-secured build environments are still single points of failure when they fail. In 1984, Ken Thompson presented "Reflections on Trusting Trust", which described an attack on a build toolchain that would be impossible to detect through source code review ... in the decades since, what has been done to actually mitigate these types of attacks? Work in the Reproducible Builds and Bootstrappable Builds communities has been progressing steadily in recent years, and can be used to significantly reduce the risks of "Trusting Trust" and other supply chain attacks by making it possible to independently review not only the end result, but the entire toolchain used to build a given artifact. This talk will focus on the state of the art from several angles in related Free and Open Source Software projects: what works, current challenges, and future plans for building trustworthy toolchains you do not need to trust.

https://reproducible-builds.org
https://bootstrappable.org
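The check the abstract relies on, as an added example (not code from the talk, from reproducible-builds.org or from bootstrappable.org): the same source is packaged by two independent "rebuilders" whose checkouts differ only in file timestamps. Packaging the usual way captures that environmental noise, so the two hashes disagree and a single build machine is all anyone can vouch for; packaging with the tar metadata normalized and the timestamps pinned to a fixed SOURCE_DATE_EPOCH (the convention the Reproducible Builds project documents) gives matching hashes, which is what lets a third party rebuild and confirm the artifact instead of trusting whoever signed it. The sample source tree, the epoch values and the function names are constructed for the example.

```python
"""Reproducibility check: package one source tree from two independent build
environments and compare the hashes.  Added example, not code from the talk or
from reproducible-builds.org / bootstrappable.org."""
import gzip
import hashlib
import io
import os
import tarfile
import tempfile

# Constructed sample source tree (relative path -> contents).
SAMPLE_SOURCE = {
    "src/main.c": b"int main(void) { return 0; }\n",
    "src/util.c": b"int helper(int x) { return x + 1; }\n",
    "README": b"sample project\n",
}


def write_source_tree(root, files, mtime):
    """Simulate a fresh checkout whose files carry environment-specific timestamps."""
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.utime(path, (mtime, mtime))


def naive_package(root):
    """Packaging as usually done: tar.gz carrying whatever the filesystem says
    (file mtimes, uid/gid, user names) plus a gzip header with the current time."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        tar.add(root, arcname=".")
    return buf.getvalue()


def reproducible_package(root, source_date_epoch):
    """Normalize every input an independent rebuilder cannot control:
    stable entry order, fixed mtime (SOURCE_DATE_EPOCH), no owner info,
    canonical modes, and a gzip header without a timestamp or file name."""
    paths = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            paths.append(rel.replace(os.sep, "/"))

    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for rel in sorted(paths):                      # order independent of readdir()
            full = os.path.join(root, *rel.split("/"))
            info = tar.gettarinfo(full, arcname=rel)
            info.mtime = source_date_epoch              # not the checkout time
            info.uid = info.gid = 0                     # not the builder's account
            info.uname = info.gname = ""
            info.mode = 0o755 if info.mode & 0o111 else 0o644  # not the builder's umask
            with open(full, "rb") as fh:
                tar.addfile(info, fh)
    # gzip.compress with mtime=0 leaves the header timestamp zeroed (Python >= 3.8).
    return gzip.compress(buf.getvalue(), compresslevel=9, mtime=0)


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_in_fresh_environment(packager, checkout_mtime, **options):
    """One independent rebuilder: its own scratch directory, its own timestamps."""
    with tempfile.TemporaryDirectory() as root:
        write_source_tree(root, SAMPLE_SOURCE, checkout_mtime)
        return sha256_hex(packager(root, **options))


def check_reproducible(packager, **options):
    """Build twice in unrelated environments; return (hash_a, hash_b, identical)."""
    a = build_in_fresh_environment(packager, checkout_mtime=1_700_000_000, **options)
    b = build_in_fresh_environment(packager, checkout_mtime=1_700_000_100, **options)
    return a, b, a == b


if __name__ == "__main__":
    for label, packager, options in (
        ("naive tar.gz", naive_package, {}),
        ("normalized tar.gz", reproducible_package, {"source_date_epoch": 1_690_000_000}),
    ):
        a, b, same = check_reproducible(packager, **options)
        print(f"{label:18} build A {a[:16]}  build B {b[:16]}  "
              f"{'REPRODUCIBLE' if same else 'DIFFERS'}")
```

The archive step is only the last link: real rebuilds also have to pin the compiler, linker, build path, locale and the compression library (different zlib releases can emit different deflate streams for the same input), which is why the communities the talk covers publish build-environment descriptions alongside the hashes, and why a mismatch is investigated with a byte-level comparison tool such as the Reproducible Builds project's diffoscope rather than dismissed.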

Speakers: Vagrant Cascadian