Full Dive, short for Full Dive: This Ultimate Next-Gen Full Dive RPG Is Even Shittier than Real Life! (Japanese: 究極進化したフルダイブRPGが現実よりもクソゲーだったら, Hepburn: Kyūkyoku Shinka shita Furu Daibu RPG ga Genjitsu yori mo Kusogē Dattara), is a Japanese light novel series written by Light Tuchihi and illustrated by Youta. Media Factory has published four volumes since August 2020 under their MF Bunko J imprint. A manga adaptation with art by Kino was serialized in Media Factory's seinen manga magazine Monthly Comic Alive from January 2021 to January 2022. An anime television series adaptation by ENGI aired from April to June 2021. == Plot == Hiroshi Yuki, with the player name of Hiro, is a high school boy who loves to play virtual reality MMORPGs (VRMMORPG) in order to escape reality. When a game store manager named Reona Kisaragi tricks him into buying the game Kiwame Quest, he soon discovers that it is not what it seems. Unlike regular games, it is a game that tries to pursue realism to a fanatical point. As such, Hiroshi struggles to eke out a niche. Despite the disadvantages, he is determined to complete the game. == Characters == === Main characters === Hiroshi Yuki (結城宏, Yūki Hiroshi) Voiced by: Daiki Yamashita, Riho Sugiyama (young) (Japanese); Johnny Yong Bosch, Michele Knotz (young) (English) Hiroshi is a high school student who is tricked into buying Kiwame Quest by game store manager, Reona Kisaragi. He is a former member of the track team who quit following an unfortunate incident and he likes to play VRMMORPGs in order to escape reality. His player name is Hiro. Reona Kisaragi (如月玲於奈, Kisaragi Reona) Voiced by: Ayana Taketatsu (Japanese); Natalie Van Sistine (English) Reona is a game store manager who tricks Hiroshi into buying Kiwame Quest. She likes to tease him and her in-game avatar is that of a fairy. Alicia (アリシア, Arishia) Voiced by: Fairouz Ai (Japanese); Kayli Mills (English) Alicia is one of Hiroshi's childhood friends in Kiwame Quest. She has an older brother named Martin in-game. Mizarisa (ミザリサ) Voiced by: Shiori Izawa (Japanese); Sarah Anne Williams (English) Mizarisa is the town inquisitor in Kiwame Quest. Kaede Yuki (結城楓, Yūki Kaede) Voiced by: Aoi Koga (Japanese); Kate Bristol (English) Kaede is Hiroshi's younger sister. She used to look up to her older brother, but their relationship has been strained ever since he quit the track team. === NPCs === Martin (マーチン, Māchin) Voiced by: Haruki Ishiya, Natsumi Fujiwara (young) (Japanese); Ben Lepley, Krystal LaPorte (young) (English) Martin is one of Hiroshi's childhood friends in Kiwame Quest. He is also Alicia's older brother in-game. Tesla (テスラ, Tesura) Voiced by: Satoshi Hino (Japanese); Jason Liebrecht (English) Tesla is the captain of the City Guard in Kiwame Quest. Govern (ガバン, Gaban) Voiced by: Shizuka Itō (Japanese); Lisa Ortiz (English) Govern is the queen of Ted in Kiwame Quest. === Other characters === Ginji (ギンジ) Voiced by: Katsuyuki Konishi (Japanese); Brent Mukai (English) Ginji is a veteran player of Kiwame Quest. Soichiro Kamui (神居宗一郎, Kamui Sōichirō) Voiced by: Yoshitsugu Matsuoka (Japanese); Samuel Drake (English) Kamui is the only known player who has successfully completed Kiwame Quest. == Media == === Light novels === Light Tuchihi launched the light novel series, with illustrations by Youta, under Media Factory's MF Bunko J label on August 25, 2020. ==== Volumes ==== === Manga === A manga adaptation by Kino was serialized in Media Factory's Monthly Comic Alive magazine from January 27, 2021, to January 27, 2022. Two tankōbon volumes were released from May 21, 2021, to January 21, 2022. ==== Volumes ==== === Anime === An anime television series adaptation was announced on December 4, 2020. The series was animated by ENGI and directed by Kazuya Miura, with Kenta Ihara writing the series' scripts, and Yūta Kevin Kenmotsu designing the characters. It ran from April 7 to June 23, 2021, on AT-X, Tokyo MX, SUN, KBS Kyoto, and BS11. Mayu Maeshima performed the opening theme "Answer", while Ayana Taketatsu, Fairouz Ai, Shiori Izawa, and Aoi Koga performed the ending theme "Kisuida!". It ran for 12 episodes. Funimation licensed and streamed the series. On June 8, 2021, Funimation announced that the series would receive an English dub, which premiered the following day. Following Sony's acquisition of Crunchyroll, the series was moved to Crunchyroll. ==== Episodes ====
PowerBuilder
PowerBuilder is an integrated development environment owned by SAP since the acquisition of Sybase in 2010. On July 5, 2016, SAP and Appeon entered into an agreement whereby Appeon, an independent company, would be responsible for developing, selling, and supporting PowerBuilder. Over the years, PowerBuilder has been updated with new standards. In 2010, a major upgrade of PowerBuilder was released to provide support for the Microsoft .NET Framework. In 2014, support was added for OData, dockable windows, and 64-bit native applications. In 2019 support was added for rapidly creating RESTful Web APIs and non-visual .NET assemblies using the C# language and the .NET Core framework. And PowerScript client app development was revamped with new UI technologies and cloud architecture. In 2025 the IDE was revamped with new code editor and ultra-fast compiler. Appeon has been releasing new features every 6-12 month cycles, which per the product roadmap focus on four key focus areas: sustaining core features, modernizing application UI, improving developer productivity, and incorporating more Cloud technology. == Features == PowerBuilder has a native data-handling component called a DataWindow, which can be used to create, edit, and display data from a database. This object gives the programmer a number of tools for specifying and controlling user interface appearance and behavior, and also provides simplified access to database content and JSON or XML from Web services. To some extent, the DataWindow frees the programmer from considering the differences between Database Management Systems from different vendors. DataWindow can display data using multiple presentation styles and can connect to various data sources. == Usage == PowerBuilder is used primarily for building business-oriented CRUD applications. Although new software products are rarely built with PowerBuilder, many client-server ERP products and line-of-business applications built in the late 1980s to early 2000s with PowerBuilder still provide core database functions for large enterprises in government, higher education, manufacturing, insurance, banking, energy, and telecommunications. == History == === Early history === PowerBuilder originated from Computer Solutions Inc. (CSI), a software consulting firm founded in 1974 by Mitchell Kertzman in Massachusetts. CSI developed GrowthPower, an MRP II software package with integrated financial modules released in 1981, which ran exclusively on the HP 3000 platform and achieved over 1,000 customer installations at its peak. In the late 1980s, as demand increased for graphical user interfaces amid the rise of Microsoft Windows, Kertzman partnered with Dave Litwack, former executive vice president of product development at Cullinet Software (acquired by Computer Associates in 1989). Litwack joined the company in 1988 as head of research and development to develop a client/server GUI tool, leading to its rebranding as Powersoft Corporation in 1990. PowerBuilder 1.0 was released in July 1991 as a rapid application development tool featuring the DataWindow and PowerScript language. Powersoft went public on February 3, 1993, with shares closing at $38 from an initial $20 price. Sybase announced its acquisition of Powersoft on November 15, 1994, in a stock swap valued at approximately $940 million; the merger closed on February 14, 1995, at a revised value of about $904 million due to Sybase's stock fluctuations. === Recent history === In December 2013 SAP announced the new version going directly to number 15 and released a beta version. Key features included support for the .NET Framework v4.5, SQL Server 2012, Oracle 12, Windows 8, OData and Dockable Windows. SAP later released this as version 12.6. On May 31, 2019, PowerBuilder 2019 was released by Appeon. This release supports C# development. It provides a new C# IDE, .NET data access objects, C# migration solution, Web API client, and UI themes. On April 3, 2020, PowerBuilder 2019 R2 was launched by Appeon. This release includes a first-ever PowerScript-to-C# code converter, which can automatically migrate 80-95% of PowerBuilder business logic and DataWindows to C#. Interoperability between PowerScript and .NET programming languages is also now supported. Many existing features have also been enhanced. On January 22, 2021, PowerBuilder 2019 R3 was launched by Appeon. This release provides a groundbreaking new app deployment technology called PowerClient, which securely automates the installation and update of client apps over HTTPS. C# Web API development has been greatly enhanced with asynchronous programming and support for Amazon Aurora and Azure cloud databases. Aside from many other new features, PowerBuilder 2019 R3 is a long-term support (LTS) version that replaces previous LTS versions On August 6, 2021, PowerBuilder 2021 was launched by Appeon. The Cloud deployment capability of the PowerBuilder 2021 IDE, in conjunction with the matching PowerServer 2021 runtime, was revamped, bringing PowerBuilder up-to-date with the latest .NET technologies. The presentation layer now executes PowerScript natively on Windows devices. The middle-tier has been rebuilt around REST API standard with a pure .NET Core implementation. A new CI/CD utility that integrates with Git/SVN and Jenkins, witch compiles all PowerBuilder projects using the command-line interface, was added alongside other features. On September 4, 2022, PowerBuilder 2022 was launched by Appeon. This release brings enhancements to the productivity of developing both client/server & installable cloud apps and more security measures to safeguard your apps. It includes many new features, including Windows 11 support, introducing time-saving functionalities to the IDE, such as Tabbed Code Editor, Jump to Objects, and Quick Code Search, and supports the latest HTTP/2 and TLS 1.3 protocols and two-way TLS authentication. On August 4, 2023, PowerBuilder 2022 R2 was launched by Appeon. This release introduces a range of new features aimed at helping developers build powerful, feature-rich, and secure client/server and installable cloud apps more efficiently, including tabbed windows, fillable PDFs, and SMTP client. On January 8, 2024, PowerBuilder 2022 R3 was launched by Appeon. This release is a long-term support version. Features previously released in earlier releases have been enhanced and/or corrected. On May 7, 2025, PowerBuilder 2025 was launched by Appeon. This release delivers a revamped IDE that boosts developer productivity throughout the SLDC—from writing and extending code to debugging, automating builds, and deploying applications. It features a new-generation code editor, ultra-fast compiler, automatic REST API creation, faster GIT operations, and codeless UI modernization features. == Features == PowerBuilder is an object-oriented programming language. Nearly all of the visual and non-visual objects support inheritance, polymorphism, and encapsulation. The programmer may utilize a common code framework such as PowerBuilder Foundation Classes, also known as PFC, to inherit objects from and leverage pre-existing code. The DataWindow is the key component (and selling point) of PowerBuilder. The DataWindow offers a visual SQL painter which supports outer joins, unions and subquery operations. It can convert SQL to visual representation and back, so the developer can use native SQL if desired. DataWindow updates are automatic — it produces the proper SQL at runtime based on the DBMS to which the user is currently connected. This feature makes it easier for developers who are not experienced with SQL. The DataWindow also has the built-in ability to both retrieve data and update data via stored procedures or REST Web APIs as well as import/export JSON data. The RESTClient object introduced in PowerBuilder 2017 facilitates bridging the DataWindow with REST Web APIs and requiring minimal coding. === RDBMS interfaces === PowerBuilder offers native interfaces to all major databases, as well as ODBC and OLE-DB, in the Enterprise version. There are many connectivity options that allow performance monitoring and tuning, such as: Integrated security Tracing of all SQL Isolation level Password expiration dialog Blocking factor Number of SQL statements to cache Use connection pool Thread safety Trace ODBC API calls Due to the information about the database schema (such as primary key information) that are stored in PowerBuilder's data dictionary, the code required to implement data display and browsing is greatly simplified, because the dictionary information allows generation of the appropriate SQL behind the scenes. PowerBuilder supports the following ways of interacting with a database: DataWindow this is the simplest approach, relying on automatically generated SQL. Embedded SQL Embedded SQL supports SELECT, INSERT, UPDATE, DELETE and cursors. This option is used when the developer desires more control than is available with the
JotterPad
JotterPad is a text editor app for Android, developed by Two App Studio. It is proprietary software that uses the freemium pricing strategy. == Features == Jotterpad supports the markdown and fountain markup languages. Among its features are themes, synchronisation with Google Drive and Dropbox, dictionary and thesaurus, and snapshots. JotterPad uses a freemium pricing model, which means that a restricted version of the app is offered for free, while access to additional functionality requires payment. About half of the features are available in the free version. The synchronisation feature was originally limited to one account, and in Jotterpad 12 the option to synchronise using multiple accounts was added as a monthly subscription service.
Zero-knowledge service
In cloud computing, the term zero-knowledge (or occasionally no-knowledge or zero-access) is a commonly used term for online services that store, transfer or manipulate data with a high level of confidentiality, where the data is only accessible to the data's owner (the client), and not to the service provider. However, unlike "end-to-end encryption", the term "zero-knowledge" does not imply any specific threat model or security notion, and its use is commonly frowned-upon by the security community. The term "zero-knowledge" was popularized by backup service SpiderOak, which later switched to using the term "no knowledge", acknowledging that the previous terminology was not technically accurate. == Disadvantages == Most cloud storage services keep a copy of the client's password on their servers, allowing clients who have lost their passwords to retrieve and decrypt their data using alternative means of authentication; but since zero-knowledge services do not store copies of clients' passwords, if a client loses their password then their data cannot be decrypted, making it practically unrecoverable. Most of the most used cloud storage services, such as Google Drive, Dropbox, OneDrive or iCloud, are also able to furnish access requests from law enforcement agencies for similar reasons; zero-knowledge services, however, are unable to do so, since their systems are designed to make clients' data inaccessible without the client's explicit cooperation.
Simple interactive object extraction
Simple interactive object extraction (SIOX) is an algorithm for extracting foreground objects from color images and videos with very little user interaction. It has been implemented as "foreground selection" tool in the GIMP (since version 2.3.3), as part of the tracer tool in Inkscape (since 0.44pre3), and as function in ImageJ and Fiji (plug-in). Experimental implementations were also reported for Blender and Krita. Although the algorithm was originally designed for videos, virtually all implementations use SIOX primarily for still image segmentation. In fact, it is often said to be the current de facto standard for this task in the open-source world. Initially, a free hand selection tool is used to specify the region of interest. It must contain all foreground objects to extract and as few background as possible. The pixels outside the region of interest form the sure background while the inner region define a superset of the foreground, i.e. the unknown region. A so-called foreground brush is then used to mark representative foreground regions. The algorithm outputs a selection mask. The selection can be refined by either adding further foreground markings or by adding background markings using the background brush. Technically, the algorithm performs the following steps: Create a set of representative colors for sure foreground and sure background, the so-called color signatures. Assign all image points to foreground or background by a weighted nearest neighbor search in the color signatures. Apply some standard image processing operations like erode, dilate, and blur to remove artifacts. Find the connected foreground components that are either large enough or marked by the user. For video segmentation the sure background and sure foreground regions are learned from motion statistics. SIOX also features tools that allow sub-pixel accurate refinement of edges and high texture areas, the so-called "detail refinement brushes". As with all segmentation algorithms, there are always pictures where the algorithm does not yield perfect results. The most critical drawback of SIOX is the color dependence. Although many photos are well-separable by color, the algorithm cannot deal with camouflage. If the foreground and background share many identical shades of similar colors, the algorithm might give a result with parts missing or incorrectly classified foreground. SIOX performs about equally well on different benchmarks compared to graph-based segmentation methods, such as Grabcut. SIOX is, however, more noise robust and can therefore also be used for the segmentation of videos. Graph-based segmentation methods search for a minimum cut and therefore tend to not perform optimally with complex structures. The algorithm has initially been developed at the department of computer science at Freie Universitaet Berlin. The main developer, Gerald Friedland, is now faculty at the EECS department of the University of California at Berkeley and also a Principal Data Scientist at Lawrence Livermore National Lab. He continues to support the development through mentoring, e.g. in the Google Summer of Code.
Software construction
Software construction is the process of creating working software via coding and integration. The process includes unit and integration testing although does not include higher level testing such as system testing. Construction is an aspect of the software development lifecycle and is integrated in the various software development process models with varying focus on construction as an activity separate from other activities. In the waterfall model, a software development effort consists of sequential phases including requirements analysis, design, and planning which are prerequisites for starting construction. In an iterative model such as scrum, evolutionary prototyping, or extreme programming, construction as an activity that occurs concurrently or overlapping other activities. Construction planning may include defining the order in which components are created and integrated, the software quality management processes, and the allocation of tasks to teams and developers. To facilitate project management, numerous construction aspects can be measured; these include the amount of code developed, modified, reused, and destroyed, code complexity, code inspection statistics, faults-fixed and faults-found rates, and effort expended. These measurements can be useful for aspects such as ensuring quality and improving the process. == Activities == Construction includes many activities. === Coding === The following are a few of the key aspects of the coding activity: Naming Choice of name for each identifier. One study showed that the effort required to debug a program is minimized when variable names are between 10 and 16 characters. Logic Organization into statements and routines Highly cohesive routines proved to be less error prone than routines with lower cohesion. A study of 450 routines found that 50 percent of the highly cohesive routines were fault free compared to only 18 percent of routines with low cohesion. Another study of a different 450 routines found that routines with the highest coupling-to-cohesion ratios had 7 times as many errors as those with the lowest coupling-to-cohesion ratios and were 20 times as costly to fix. Although studies showed inconclusive results regarding the correlation between routine sizes and the rate of errors in them, but one study found that routines with fewer than 143 lines of code were 2.4 times less expensive to fix than larger routines. Another study showed that the code needed to be changed least when routines averaged 100 to 150 lines of code. Another study found that structural complexity and amount of data in a routine were correlated with errors regardless of its size. Interfaces between routines are some of the most error-prone areas of a program. One study showed that 39 percent of all errors were errors in communication between routines. Unused parameters are correlated with an increased error rate. In one study, only 17 to 29 percent of routines with more than one unreferenced variable had no errors, compared to 46 percent in routines with no unused variables. The number of parameters of a routine should be 7 at maximum as research has found that people generally cannot keep track of more than about seven chunks of information at once. One experiment showed that designs which access arrays sequentially, rather than randomly, result in fewer variables and fewer variable references. One experiment found that loops-with-exit are more comprehensible than other kinds of loops. Regarding the level of nesting in loops and conditionals, studies have shown that programmers have difficulty comprehending more than three levels of nesting. Control flow complexity has been shown to correlate with low reliability and frequent errors. Modularity Structuring and refactoring the code into classes, packages and other structures. When considering containment, the maximum number of data members in a class shouldn't exceed 7±2. Research has shown that this number is the number of discrete items a person can remember while performing other tasks. When considering inheritance, the number of levels in the inheritance tree should be limited. Deep inheritance trees have been found to be significantly associated with increased fault rates. When considering the number of routines in a class, it should be kept as small as possible. A study on C++ programs has found an association between the number of routines and the number of faults. A study by NASA showed that the putting the code into well-factored classes can double the code reusability compared to the code developed using functional design. Error handling Encoding logic to handle both planned and unplanned errors and exceptions. Resource management Managing computational resource use via exclusion mechanisms and discipline in accessing serially reusable resources, including threads or database locks. Security Prevention of code-level security breaches such as buffer overrun and array index overflow. Optimization Optimization while avoiding premature optimization. Documentation Both embedded in the code as comments and as external documents. === Integration === Integration is about combining separately constructed parts. Concerns include planning the sequence in which components will be integrated, creating scaffolding to support interim versions of the software, determining the degree of testing and quality work performed on components before they are integrated, and determining points in the project at which interim versions are tested. === Testing === Testing can reduce the time between when faulty logic is inserted in the code and when it is detected. In some cases, testing is performed after code has been written, but in test-first programming, test cases are created before code is written. Construction includes at least two forms of testing, often performed by the developer who wrote the code: unit testing and integration testing. === Reuse === Software reuse entails more than creating and using libraries. It requires formalizing the practice of reuse by integrating reuse processes and activities into the software life cycle. The tasks related to reuse in software construction during coding and testing may include: selection of the reusable code, evaluation of code or test re-usability, reporting reuse metrics. === Quality assurance === Techniques for ensuring quality as software is constructed include: Testing One study found that the average defect detection rates of Unit testing and integration testing are 30% and 35% respectively. Software inspection With respect to software inspection, one study found that the average defect detection rate of formal code inspections is 60%. Regarding the cost of finding defects, a study found that code reading detected 80% more faults per hour than testing. Another study shown that it costs six times more to detect design defects by using testing than by using inspections. A study by IBM showed that only 3.5 hours were needed to find a defect through code inspections versus 15–25 hours through testing. Microsoft has found that it takes 3 hours to find and fix a defect by using code inspections and 12 hours to find and fix a defect by using testing. In a 700 thousand lines program, it was reported that code reviews were several times as cost-effective as testing. Studies found that inspections result in 20% - 30% fewer defects per 1000 lines of code than less formal review practices and that they increase productivity by about 20%. Formal inspections will usually take 10% - 15% of the project budget and will reduce overall project cost. Researchers found that having more than 2 - 3 reviewers on a formal inspection doesn't increase the number of defects found, although the results seem to vary depending on the kind of material being inspected. Technical review With respect to technical review, one study found that the average defect detection rates of informal code reviews and desk checking are 25% and 40% respectively. Walkthroughs were found to have a defect detection rate of 20% - 40%, but were found also to be expensive especially when project pressures increase. Code reading was found by NASA to detect 3.3 defects per hour of effort versus 1.8 defects per hour for testing. It also finds 20% - 60% more errors over the life of the project than different kinds of testing. A study of 13 reviews about review meetings, found that 90% of the defects were found in preparation for the review meeting while only around 10% were found during the meeting. Static analysis With respect to Static analysis (IEEE1028), studies have shown that a combination of these techniques needs to be used to achieve a high defect detection rate. Other studies showed that different people tend to find different defects. One study found that the extreme programming practices of pair programming, desk checking, unit testing, integration testing, and regression testing can achieve a 90% defect detection rate. An experiment involving exper
Transparency in the software supply chain
Transparency in the software supply chain is a condition in which participants involved in the development, procurement, operation, auditing, or regulation of software can determine which components, dependencies, build stages, identifiers, and relationships within the supply chain make up the delivered product. The disclosure of information about software components, their interrelationships, origins, and development methods—for the purposes of risk management, vulnerability detection, and compliance—takes place throughout the software lifecycle. Transparency is one of the key security attributes of the software supply chain, as a deeper understanding of the chain enables participants to identify vulnerabilities and mitigate threats. Problems in the software supply chain can cause billions in losses and create operational challenges for government and commercial entities, as demonstrated by incidents involving SolarWinds, Bybit, 3CX, Jaguar Land Rover, GitHub, and NotPetya. Modern software is often assembled from third-party libraries and open-source components. According to research by the Linux Foundation and Synopsys, 96% of the commercial codebases analyzed contained open-source software, and 70–90% of a typical codebase may consist of open-source components. Without transparency, any software component can become a threat. As a result, companies may spend billions of dollars building robust external defenses, but this will not protect against vulnerabilities in legitimate software inside the perimeter. At the same time, supply chain attacks also erode trust between customers and their IT providers, as malicious code is often embedded in official updates with certificates and digital signatures. One of the primary ways to ensure transparency is through a software bill of materials, which documents the components used to create the software and the relationships within the supply chain. == Concept == The software supply chain is the collection of systems, devices, people, artifacts, and processes involved in the creation of the final software product. Attacks on the software supply chain differ from conventional attacks in that they follow a four-stage pattern: compromise, modification, distribution, and subsequent exploitation of the compromised or modified component. A defining feature of a supply chain attack is the introduction or manipulation of a change at an upstream stage, which is subsequently exploited at a downstream stage. Transparency refers to the availability of knowledge about the chain, while validity concerns the integrity of operations and artifacts and the authentication of participants, and separation involves reducing unnecessary trust relationships and the radius of impact through compartmentalization. In this framework, transparency primarily helps during the pre-compromise and detection phases, as a clearer understanding of participants, operations, and artifacts makes it easier to identify weak links before attackers exploit them. Current major attack vectors include dependencies and containers, build infrastructure, and human participants, such as maintainers or developers. == History == Software supply-chain transparency developed from earlier efforts to document software components, long before the term came into widespread use in the cybersecurity field. Early component-documentation formats included SPDX, first published in 2011, and CycloneDX, first published in 2017. Initially, these formats were created to support license compliance, package identification, and tool compatibility. Their development helped shape a broader concept of software supply chain transparency, encompassing component documentation, disclosure practices, risk management, security analysis, and regulatory compliance. In 2018, the U.S. National Telecommunications and Information Administration launched a multistakeholder process on promoting software component transparency. This process helped move work on SBOMs from a specialized technical practice into the realm of policy and procurement to identify components used in software products. The 2020 compromise of the SolarWinds Orion platform made software supply chain security a central issue in government cybersecurity policy. An analysis of the “Sunburst” campaign prepared by the Atlantic Council noted that the vulnerability of the software supply chain had become a realized risk for national-security agencies. In May 2021, U.S. President Joe Biden issued Executive Order 14028, which directed federal agencies to improve cybersecurity and increase transparency in the software supply chain, including requirements related to SBOMs. Reuters reported that the executive order required software developers selling their products to the federal government to provide greater visibility into their software and make security data available. In July 2021, the NTIA published the document “The Minimum Elements for a Software Bill of Materials (SBOM)”, defining the basic data fields and practices for creating SBOMs. Between 2021 and 2025, the U.S. Cybersecurity and Infrastructure Security Agency updated its guidance on “Framing Software Component Transparency”, expanding the set of SBOM attributes, metadata requirements, and operational recommendations for the creation, exchange, and use of SBOMs. Major incidents that occurred following the SolarWinds attack have underscored the importance of transparency in vulnerability management and supply chain security. The Log4Shell vulnerability in the Log4j library, disclosed in December 2021, demonstrated how difficult it can be for organizations to identify a vulnerable component deeply embedded within applications and services. In 2024, an attempt to plant a backdoor in XZ Utils showed how attackers could exploit trust in open-source maintenance processes to introduce malicious code into widely used infrastructure software. By the mid-2020s, software supply chain transparency had become part of international cybersecurity coordination and regulation. On September 3, 2025, Japan's Ministry of Economy, Trade and Industry and the National Cybersecurity Office, in collaboration with cybersecurity agencies from 15 countries, released the document “A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity.” In the European Union, the Cyber Resilience Act required manufacturers of products with digital elements to create, maintain, and retain SBOMs as part of the technical documentation for software placed on the EU market. == Transparency mechanisms == The primary mechanism for ensuring transparency is the software bill of materials (SBOM). An SBOM is a structured list of components, libraries, and tools used to build and distribute a software product, and it records dependencies in a way that helps organizations understand and assess their software supply chains. It can also be described as a formal record of components and their interdependencies, which gives users insight into their actual exposure to risks and threats. Five key areas of SBOM application in software supply chain security have been identified: vulnerability management, ensuring transparency, component evaluation, risk assessment, and ensuring supply chain integrity. In software supply chains, an SBOM documents all components, both open-source and proprietary. Under Executive Order 14028, U.S. federal agencies require software suppliers to provide SBOMs for government-procured software. The list of minimum required SBOM elements defined by NTIA includes three main categories: required data fields for describing each component (name, version, identifiers), automation support (machine-readable format, generation tools), and recommendations for creating SBOMs during development and purchasing. The post-2021 push for SBOMs was intended to provide visibility into the components used within software and to expose parts of an application that would otherwise remain hidden. This information can be used to prioritize patches, manage vulnerabilities, and support compliance work. Transparency also supports software traceability, which is becoming a standard feature of developer platforms. Traceability has become important because organizations are increasingly required to demonstrate how software was created, rather than simply listing its components. Higher levels of assurance require signed, tamper-proof traceability and more isolated, verifiable build environments. A related mechanism is build reproducibility. Reproducible builds are defined as build processes that make the compilation process deterministic, ensuring that the same source code always produces the same binary file. These builds are considered a foundational element for distributed verification, transparency-log maintenance, supply-chain workflow integration, and the creation of keyless signatures based on verifiable logs. Although reproducibility does not replace inventory or attestation, it gives external par