Xavier de Carné de Carnavalet, a master’s student at Concordia University, Montreal recently demonstrated that the official binary of Truecrypt 7.1a for Windows is indeed produced from the supplied source. Proving that a compiled binary derives from the same source on many platforms is far from trivial as you must ensure that all variables (compiler flags, library versions, etc.) are identical to the original build. His report includes detailed instructions should you wish to reproduce his results.
Of course this does not mean that Truecrypt is proven to be safe. This merely validates that the source code and binaries released to the public match. A backdoor could still exist in the source – and yes, a subtle “bug” could hide in plain site for long period of time.
Mike the Crypto Goat 