| CPC G06F 21/53 (2013.01) [G06F 21/54 (2013.01); G06F 21/552 (2013.01); H04L 9/3236 (2013.01); H04L 9/3247 (2013.01); H04L 9/50 (2022.05)] | 1 Claim |
|
1. A method to implement traceability and provability on a particular project in software development based on blockchain-recorded transactions of assigned developer time, the method comprising of the following steps:
setting up a blockchain network comprised of a distributed, redundant, and tamper-resistant ledger, the ledger stored redundantly among a network of nodes, each node storing its own identical copy in a blockchain service design, the ledger storing records of transactions involving developers performing critical development functions in software development,
the development functions comprising of performing source code edits, performing software compilations using an approved compiler program to create object files, performing linking using an approved linker program to combine the object files to create executable binaries, performing manipulation of binary with a packer to provide for memory efficient storage of the binary, and performing a manipulation of one or more binaries to create a distribution and installation format for distributing software to an endpoint target platform to provide for the convenient and correct installation of software on the endpoint target platform,
the development function of compilation further involving embedding of metadata into the resulting binary such that the binary is mathematically verified and completely traceable before loading onto the endpoint target platform, the metadata includes file paths, computer equipment identifications, and hashes to trace the binary to source code files, equipment, and personnel used to generate the binary to prove that there has been no unauthorized modification;
collecting and storing hashes and metadata to the blockchain during the course of editing, compiling, and linking, in order to create an executable,
storing to the blockchain an edit action: file path of the source code file, hash of the current version of the source code file, hash of the last version of the source code file, wherein the version is set to zero with the first version of that file, project identification number, developer username, software development environment version number, code revision number, hardware enclave hash, blockchain transaction identification number, and a timestamp of the edit,
storing to the blockchain a compile action: file path of the object file, object file hash, file path of the source code file, source code file hash, file path of the compiler being used, hash of the compiler being used, developer username, code revision number, hardware enclave hash, blockchain transaction identification number, and a timestamp of the compilation,
storing the following information to a link action on the blockchain: file path of the executable, hash of the executable, linker version number, hash of the linker, developer usernames of all developers who have contributed to the linking operation, project identification number, code revision number, hardware enclave hash, the blockchain transaction identification number, a timestamp of the link;
issuing each user an attestable pre-fabricated and signed virtualized environment on approved hardware that comes with functionality required for the user's role implemented as one of a set of virtual machine templates fashioned from a signed and approved pre-fabricated image, the users' virtualized environments issue commands to the blockchain network based on user actions; the network of nodes communicate amongst themselves via blockchain consensus protocols to manage the state of the ledger and any updates that result from those issued commands; and,
verifying that developer is authorized to submit transactions to the project and if so, record each development action on the ledger to enable extensive tracking and auditing of end-to-end software development process.
|