Cryptographic bill of materials (CBOM—also cryptography bill of materials) is a structured inventory of all cryptographic assets present in a software, firmware, device, or system. It enumerates algorithms (and parameters such as key sizes and modes), cryptographic libraries or modules, digital certificates, keys and related material, and protocols in use, and maps their relationships to the components that implement or invoke them. CBOMs are used to improve security analysis, compliance, and cryptographic agility, and are increasingly referenced in guidance for post‑quantum cryptography (PQC) migration. == Definition and scope == A CBOM inventories cryptographic primitives and materials—such as encryption and signature algorithms (with specific variants and modes), key sizes, cryptographic libraries/modules, digital certificates (e.g., X.509), keys and other related cryptographic material, and security protocols (e.g., TLS, IPsec). It also documents dependencies (for example, an application uses an algorithm provided by a library; a protocol uses several algorithms) and can capture certificate lifecycles, cryptographic module certifications (e.g., FIPS 140‑3), and policy conformance metadata. In common practice, a CBOM may be embedded within an SBOM format (such as CycloneDX) or exported as a separate, linked artifact. === Typical CBOM fields === The exact schema varies by implementation, but common fields are summarized below (see CycloneDX CBOM guide and NIST SP 1800‑38B). == Relation to SBOM == A CBOM is complementary to, but distinct from, a software bill of materials (SBOM). Whereas an SBOM lists software components and their versions, a CBOM focuses specifically on the cryptography present and how it is configured and used. For example, an SBOM might enumerate inclusion of a library such as OpenSSL, while the CBOM would identify which algorithms and parameters that library enables (e.g., RSA‑2048, ECDH P‑256, AES‑GCM) and list relevant keys and certificates. The pairing enables both supply‑chain transparency and cryptographic transparency. == History == The term and practice emerged in the early–mid 2020s alongside software‑supply‑chain transparency and PQC planning. The OWASP CycloneDX standard introduced native CBOM support (v1.6 and later), modeling algorithms, keys, certificates, and protocols as first‑class “cryptographic assets” and providing dependency semantics (uses/implements) between software and cryptography. Open tooling from industry and researchers (e.g., IBM's CBOMkit and related generators/viewers) appeared to automate discovery and representation of cryptographic use in the CycloneDX CBOM schema. == Regulatory and policy context == In the United States, policy has emphasized cryptographic inventories as a prerequisite to PQC migration. The White House's National Security Memorandum 10 (2022) directed a government‑wide transition to quantum‑resistant cryptography; the Office of Management and Budget's M‑23‑02 (November 2022) operationalized this by requiring agencies to submit a prioritized inventory of cryptographic systems (with algorithm and key details) by 4 May 2023 and annually thereafter, and tasked CISA/NSA/NIST to develop automated discovery and inventory strategies. A 2024 Office of the National Cyber Director report reiterated that a “comprehensive cryptographic inventory” is the baseline for PQC planning and must be maintained iteratively with both automated and manual discovery. NIST's NCCoE practice guide (SP 1800‑38B, preliminary draft) provides concrete methods for cryptographic discovery and documentation across enterprises, aligning with CBOM‑style representations. CISA later published a strategy to migrate federal agencies to automated cryptography discovery and inventory tools to support continuous reporting. Separately, NSA, CISA, and NIST issued joint guidance encouraging all organisations to prepare cryptographic inventories and roadmaps for PQC, beyond government environments. == Role in quantum readiness and cryptographic agility == Because large‑scale quantum computing threatens widely used public‑key algorithms (e.g., RSA, ECC), organisations are planning multi‑year transitions to post-quantum cryptography. CBOMs enable that planning by identifying where quantum‑vulnerable algorithms appear, prioritising high‑impact systems, and tracking replacements over time. A machine‑readable CBOM also supports cryptographic agility and incident response: if an algorithm, library, or certificate lifecycle becomes non‑compliant or vulnerable, the CBOM indicates which products and systems are affected and where mitigations must be applied first. == Standards and tooling == CycloneDX (OWASP): Native CBOM modelling (v1.6+) for algorithms, certificates, keys/related material, and protocols, with dependency semantics and examples. The project publishes a CBOM guide and use‑case profiles (e.g., certificate and algorithm inventories). NIST NCCoE SP 1800‑38 series: Practice guides for PQC migration include enterprise cryptographic discovery methods that produce CBOM‑like inventories and integrate multiple discovery tools. Government automation initiatives: Following M‑23‑02, CISA issued a strategy to migrate to automated cryptography discovery and inventory tools to support agency reporting and continuous inventory management. Open‑source and vendor tools: IBM's CBOMkit and related components generate, analyse, and visualise CBOMs; the IBM CBOM specification work was upstreamed into CycloneDX 1.6. === Data model and interchange (example) === CycloneDX provides machine‑readable encodings (JSON/XML) for CBOM content. The example below (subset) shows an application depending on a crypto library that provides the AES‑256‑GCM algorithm, and the application also depends on a leaf X.509 certificate. See the CycloneDX CBOM guide, JSON reference, and the “Implementation details” use‑case for the semantics of `dependsOn` and `provides`. == Relationship to cybersecurity supply chain initiatives == CBOMs complement SBOM‑focused supply‑chain transparency introduced by U.S. Executive Order 14028 and NTIA/NIST SBOM work. SBOMs document software components; CBOMs add detail on embedded cryptography to support risk management, policy compliance (e.g., disallowing deprecated algorithms), and PQC transition planning.
LENA Foundation
The LENA Foundation is an American nonprofit organisation which provides tools for measuring children's language acquisition and exposure. Specifically, the LENA system consists of a digital language processor which is worn by a child and records and analyses their auditory environment, using propriety software. It then presents a summary of child-adult conversation, such as conversation turns and word counts. The purpose of the LENA system is to encourage interactive talk between children (between the age of two to forty-eight months) and their caretakers. The LENA system is also used for research; while useful for researchers who wish to save transcription costs or observe the child in its natural state, the accuracy of this system, while often quite high, varies between contexts, for example notably in the case of hard of hearing children. Because of this, several researchers recommend caution in using only the LENA system on its own for the purposes of scientific research. == History == The LENA Foundation was established in 2009 by Terrance and Judith Paul, founders of Renaissance Learning, Inc., with the purpose of aiding children with disabilities and assisting with early learning. They were inspired by the book "Meaningful Differences in the Everyday Experience of American Children" by Dr. Betty Hart and Dr. Todd Risley. A pilot version of the LENA system was launched in February 2006. The LENA Research Foundation was registered as a tax-exempt 501(c)(3) nonprofit in September 2010. The organisation was renamed simply LENA in 2018 and adopted the tagline "Building brains through early talk." LENA has been used for parental feedback, linguistics or paediatrics research, and for specific clinical cases. == Scientific background == In 2018, research using the LENA system showed that there was a link between children's conversational turns and activation of Broca's area (a part of the brain responsible, although not necessarily essential, for language processing). The LENA foundation cites research by its own employees as evidence for the scientific basis of its technology. Said research claims that verbal interaction with young children has an effect on language acquisition, including verbal comprehension skills during adolescence. == LENA System == The LENA software analyses a child's natural language environment, such as verbal exposure, and provides several metrics, such as adult and child speech time, television/recorded audio time, word count, or conversation turn count. The LENA hardware is a recorder that is usually placed into a child's specially-designed vest. The software was trained on over 65,000 hours of manually annotated American English audio recordings. It splits the audio into segments which are categorised as "key child", "other child", "male adult", "noise", etc. The advantages of LENA as opposed to manual transcription are its speed and ease of use; the disadvantages are its potential inaccuracies and lack of transcription capability (which LENA does not profess to attempt). The LENA system has also been criticised for prioritising quantity of speaking over quality (i.e., mastery of the language, as opposed to babble). == Product lines == === LENA Start === LENA Start is a program for parents that utilises feedback from the LENA System in conjunction with weekly group sessions in order to address the home language environment. It was introduced in 2015 and implemented across several U.S. states. In October 2020, during the restrictions of the COVID-19 pandemic, Read Aloud Delaware began a virtual LENA Start program with families statewide, where parents received feedback and participated in one-hour Zoom workshops each week during the 10-week program. === LENA Grow === LENA Grow is a professional development program for teachers in early childhood classrooms. Before launching at sites around the country, the program was first piloted in Escambia County, Florida. === LENA Home === LENA Home is a supplement to existing parent coaching curricula. Typically, home visitors facilitate the use of the LENA System to help parents track their progress towards increasing interactive talk in their homes. === Developmental Snapshot === The LENA Developmental Snapshot, based on a 52-question parent survey, assesses both expressive and receptive language skills and provides an estimate of a child's developmental age from 2 months to 36 months.
User profile
A user profile is a collection of settings and information associated with a user. It contains critical information that is used to identify an individual, such as their name, age, portrait photograph and individual characteristics such as knowledge or expertise. User profiles are most commonly present on social media websites such as Facebook, Instagram, and LinkedIn; and serve as voluntary digital identity of an individual, highlighting their key features and traits. In personal computing and operating systems, user profiles serve to categorise files, settings, and documents by individual user environments, known as 'accounts', allowing the operating system to be more friendly and catered to the user. Physical user profiles serve as identity documents such as passports, driving licenses and legal documents that are used to identify an individual under the legal system. A user profile can also be considered as the computer representation of a user model. A user model is a (data) structure that is used to capture certain characteristics about an individual user, and the process of obtaining the user profile is called user modeling or profiling. == Origin == The origin of user profiles can be traced to the origin of the passport, an identity document (ID) made mandatory in 1920, after World War I following negotiations at the League of Nations. The passport served as an official government record of an individual. Consequently, Immigration Act of 1924 was established to identify an individual's country of origin. In the 21st century, passports have now become a highly sought-after commodity as it is widely accepted as a source of verifying an individual's identity under the legal system. With the advent of digital revolution and social media websites, user profiles have transitioned to an organised group of data describing the interaction between a user and a system. Social media sites like Instagram allow individuals to create profiles that are representative of their desired personality and image. Filling all fields of profile information may not be necessary to create a meaningful self-presentation, which grants individual more control over of the identity they wish to present by displaying the most meaningful attributes. A personal user profile is a key aspect of an individual's social networking experience, around which his/her public identity is built. == Types of user profiles == A user profile can be of any format if it contains information, settings and/or characteristics specific to an individual. Most popular user profiles include those on photo and video sharing websites such as Facebook and Instagram, accounts on operating systems, such as those on Windows and MacOS and physical documents such as passports and driving licenses. === Social media === Effectively structured user profiles on social media channels such as Instagram and Facebook offer a way for people to form impressions about someone that is predictive or similarly meeting them offline. The condensed format of social media profiles allows for quick filtering of millions of profiles by matching individuals by similar characteristics and interests; information provided upon sign up. A research conducted highlights that only a "thin slice" of information is required to form an impression about an individual online (Stecher and Counts 2008). Online user profiles eliminate the complexity of interaction that is present in 'face-to-face' meetings such as behavioural, facial, and environmental information, resulting in increased predictiveness of user personality. Dating apps and websites solely rely on an individual's user profile and the information provided to form interactions and communication with others on the platform. Despite having control over presented information, lying is minimal in online dating contexts (Hancock, Toma and Ellison, 2007). Apps such as Bumble allow users to 'match' with other individuals based on their characteristics and selected filters that allow users to narrow the spectrum of search to their preference. Information for a user's profile is voluntarily specified by the user and includes information such as height, interests, photographs, gender or education. The requirement of information varies respective to each platform, and there surrounds little consensus to an appropriate amount of information for a condensed user profile. Universally, all social networking platforms display an individual's profile picture and an "about me" page that allows for self-expression. === Influencers === Influencer user profiles are third party endorsers who shape audience attitudes and decisions through social media content such as photos, blogs and tweets. Social Media Influencers (SMI) often hold a significant following on a social media platform which enables them to be recognised as opinion leaders to shape an information influence to their audience. 'Influencer marketing' industry gained prominence in 2018, when the photo sharing app Instagram crossed 1 billion users, subsequently with approximately 60,000 google search queries for 'influencer marketing' the same year. Influencer user profiles hold a unique selling point, or public personality that is unique and charismatic to the needs and wants of their target audience. SMI profiles advertise product information, latest promotions and regularly engage with their followers to maintain their online persona. Messages endorsed by social media influencers are often perceived as reliable and compelling, as a study conducted found 82% of followers were more inclined to follow the suggestions of their favorite influencer. This allows advertisers to leverage online user profiles and their audience rapport to target younger and niche audiences. According to a market survey, influencer marketing through social media profiles yields a return 11 times higher than traditional marketing, as they are more capable of communicating to a niche segment. Most popular influencers include sport starts such as Cristiano Ronaldo and Hollywood personalities such as Dwayne Johnson and Kylie Jenner each with over 200 million followers respectively. === Ecommerce === Online shopping or Ecommerce websites such as Amazon use information from a customer's user profile and interests to generate a list of recommended items to shop. Recommendation algorithms analyse user demographic data, history, and favourite artists to compile suggestions. The store rapidly adapts to changing user needs and preferences, with generation of real time results required within half of a second. New profiles naturally have limited information for algorithms to analyse, and customer data of each interaction provides valuable information which is stored as a database linked with each individual profile. User profiles on ecommerce websites also serve to improve sales of sellers as individuals are recommend products that other "customers who bought this item also bought" to widen the selection of the buyer. A study conducted found that user profiles and recommendation algorithms have significant impact on related product sales and overall spending of an individual. A process known as "collaborative filtering" tries to analyse common products of interest for an individual on the basis of views expressed by other similar behaving profiles. Features such as product ratings, seller ratings and comments allow individual user profiles to contribute to recommendation algorithms, eliminate adverse selection and contribute to shaping an online marketplace adhering to Amazons zero tolerance policy for misleading products. == Digital user profiles == Modern software and applications account for user profiles as a foundation on which a usable application is built. The structure and layout of an application such as its menus, features and controls are often derived from user's selected settings and preferences. The origin of digital user profiles in computer systems was first initiated by Windows NT that held user settings and information in a separate environment variable named %USERPROFILE% and held the framework to a user's profile root. Consequently, operating systems such as MacOS further accelerated prominence of user profiles in Mac OS X 10.0. Iterations since have been made with each operating system release with the aim to maximise user friendliness with the system. Features such as keyboard layouts, time zones, measurement units, synchronisation of different services and privacy preferences are made available during the setup of a user account on the computer === Types of accounts === ==== Administrator ==== Administrator user profiles have complete access to the system and its permissions. It is often the first user profile on a system by design, and is what allows other accounts to be created. However, since the administrator account has no restrictions, they are highly vulnerable to malware and viruses, with potential to impact all other accounts.
Social History and Industrial Classification
Social History and Industrial Classification (SHIC) is a classification system used by many British museums for social history and industrial collections. It was first published in 1983. == Purpose == SHIC classifies materials (books, objects, recordings etc.) by their interaction with the people who used them. For example, a carpenter's hammer is classified with other tools of the carpenter, and not with a blacksmith's hammer. In contrast other classification systems, for example the Dewey Decimal Classification, might class all hammers together and close to the classification for other percussive tools. The specialist subject network, Social History Curator's Group (SHCG), obtained funding in 2012 to develop an on-line version, now on their website http://www.shcg.org.uk/ == Scheme == Materials are classified under four major category numbers: Community life Domestic and family life Personal life Working life Further classification within a category is by the use of further numbers after the decimal point. It is permissible to assign more than one classification in cases where the object had more than one use.
CoDi
CoDi is a cellular automaton (CA) model for spiking neural networks (SNNs). CoDi is an acronym for Collect and Distribute, referring to the signals and spikes in a neural network. CoDi uses a von Neumann neighborhood modified for a three-dimensional space; each cell looks at the states of its six orthogonal neighbors and its own state. In a growth phase a neural network is grown in the CA-space based on an underlying chromosome. There are four types of cells: neuron body, axon, dendrite and blank. The growth phase is followed by a signaling- or processing-phase. Signals are distributed from the neuron bodies via their axon tree and collected from connection dendrites. These two basic interactions cover every case, and they can be expressed simply, using a small number of rules. == Cell interaction during signaling == The neuron body cells collect neural signals from the surrounding dendritic cells and apply an internally defined function to the collected data. In the CoDi model the neurons sum the incoming signal values and fire after a threshold is reached. This behavior of the neuron bodies can be modified easily to suit a given problem. The output of the neuron bodies is passed on to its surrounding axon cells. Axonal cells distribute data originating from the neuron body. Dendritic cells collect data and eventually pass it to the neuron body. These two types of cell-to-cell interaction cover all kinds of cell encounters. Every cell has a gate, which is interpreted differently depending on the type of the cell. A neuron cell uses this gate to store its orientation, i.e. the direction in which the axon is pointing. In an axon cell, the gate points to the neighbor from which the neural signals are received. An axon cell accepts input only from this neighbor, but makes its own output available to all its neighbors. In this way axon cells distribute information. The source of information is always a neuron cell. Dendritic cells collect information by accepting information from any neighbor. They give their output, (e.g. a Boolean OR operation on the binary inputs) only to the neighbor specified by their own gate. In this way, dendritic cells collect and sum neural signals, until the final sum of collected neural signals reaches the neuron cell. Each axonal and dendritic cell belongs to exactly one neuron cell. This configuration of the CA-space is guaranteed by the preceding growth phase. == Synapses == The CoDi model does not use explicit synapses, because dendrite cells that are in contact with an axonal trail (i.e. have an axon cell as neighbor) collect the neural signals directly from the axonal trail. This results from the behavior of axon cells, which distribute to every neighbor, and from the behavior of the dendrite cells, which collect from any neighbor. The strength of a neuron-neuron connection (a synapse) is represented by the number of their neighboring axon and dendrite cells. The exact structure of the network and the position of the axon-dendrite neighbor pairs determine the time delay and strength (weight) of a neuron-neuron connection. This principle infers that a single neuron-neuron connection can consist of several synapse with different time delays with independent weights. == Genetic encoding and growth of the network == The chromosome is initially distributed throughout the CA-space, so that every cell in the CA-space contains one instruction of the chromosome, i.e. one growth instruction, so that the chromosome belongs to the network as a whole. The distributed chromosome technique of the CoDi model makes maximum use of the available CA-space and enables the growth of any type of network connectivity. The local connection of the grown circuitry to its chromosome, allows local learning to be combined with the evolution of grown neural networks. Growth signals are passed to the direct neighbors of the neuron cell according to its chromosome information. The blank neighbors, which receive a neural growth signal, turn into either an axon cell or a dendrite cell. The growth signals include information containing the cell type of the cell that is to be grown from the signal. To decide in which directions axonal or dendritic trails should grow, the grown cells consult their chromosome information which encodes the growth instructions. These growth instructions can have an absolute or a relative directional encoding. An absolute encoding masks the six neighbors (i.e. directions) of a 3D cell with six bits. After a cell is grown, it accepts growth signals only from the direction from which it received its first signal. This reception direction information is stored in the gate position of each cell's state. == Implementation as a partitioned CA == The states of our CAs have two parts, which are treated in different ways. The first part of the cell-state contains the cell's type and activity level and the second part serves as an interface to the cell's neighborhood by containing the input signals from the neighbors. Characteristic of our CA is that only part of the state of a cell is passed to its neighbors, namely the signal and then only to those neighbors specified in the fixed part of the cell state. This CA is called partitioned, because the state is partitioned into two parts, the first being fixed and the second is variable for each cell. The advantage of this partitioning-technique is that the amount of information that defines the new state of a CA cell is kept to a minimum, due to its avoidance of redundant information exchange. == Implementation in hardware == Since CAs are only locally connected, they are ideal for implementation on purely parallel hardware. When designing the CoDi CA-based neural networks model, the objective was to implement them directly in hardware (FPGAs). Therefore, the CA was kept as simple as possible, by having a small number of bits to specify the state, keeping the CA rules few in number, and having few cellular neighbors. The CoDi model was implemented in the FPGA based CAM-Brain Machine (CBM) by Korkin. == History == CoDi was introduced by Gers et al. in 1998. A specialized parallel machine based on FPGA Hardware (CAM) to run the CoDi model on a large scale was developed by Korkin et al. De Garis conducted a series of experiments on the CAM-machine evaluating the CoDi model. The original model, where learning is based on evolutionary algorithms, has been augmented with a local learning rule via feedback from dendritic spikes by Schwarzer.
Amazon Q
Amazon Q is a chatbot developed by Amazon for enterprise use. Based on both Amazon Titan and GPT-5, it was announced on November 28, 2023. At launch, it was a part of the Amazon Web Services management console. Amazon CodeWhisperer is a part of Amazon Q Developer, a part of Amazon Q. == History == Amazon's business-focused chatbot Q was announced on November 28, 2023 in a preview, with a full version available at $20 per person per month. On July 19, 2025, the Amazon Q Visual Studio Code extension was compromised to delete the user's home directory. The issue was fixed on July 21. == Capabilities == Q can be prompted to summarize long documents and group chats, create charts, data analysis and write code. Q is also capable of accessing non-Amazon services. The chatbot is based on Amazon Titan and GPT-5, and uses the Amazon Bedrock repository of foundational models. It is part of the Amazon Web Services management console.
Pax Silica
Pax Silica is a United States-led international initiative focused on strengthening and coordinating "trusted" supply chains for advanced technologies—especially semiconductors, artificial intelligence (AI) infrastructure, critical minerals, advanced manufacturing, logistics, and associated energy and data infrastructure. The initiative is coordinated by the US Department of State and was launched in December 2025 alongside the signing of the non-binding Pax Silica Declaration by an initial group of partner countries. The initiative describes itself as a "positive-sum" partnership intended to reduce "coercive dependencies" and improve resilience across the full technology stack, from mineral extraction and processing through chip manufacturing and computing infrastructure. US officials described Pax Silica as a framework for coordinating flagship projects and policy alignment across partner countries, including supply-chain mapping, investment and co-investment initiatives, and protection of critical infrastructure and sensitive technologies. Reuters reported discussions of projects linked to trade and logistics routes and an industrial park initiative in Israel. Gulf countries, such as the UAE and Qatar, are betting on attracting AI companies with cheap energy. Moreover, the UAE's potential to invest in Pax Silica's activities has been noted as a fundamental asset for the initiative. In early 2026, the U.S. announced plans to contribute $250M toward an investmest consortium that's intended to strengthen energy and critical mineral supply chains. == Launch and background == During the 2020s, governments increasingly treated supply-chain resilience in semiconductors, critical minerals, and AI-related computing infrastructure as a national-security priority, amid export controls, industrial policy measures, and geopolitical competition over the technologies underpinning advanced manufacturing and AI. Pax Silica was presented by US officials as an economic-security framework aimed at aligning policies and investment among "trusted partners" that host major technology firms and key industrial capacity. Pacific Forum's analyst Akhil Ramesh, writing for the National Interest magazine, described the initiative as understanding that: "economic security today is inseparable from control over energy, critical minerals, high-end manufacturing, and advanced models." On December 11, 2025, the US Department of State announced the inaugural Pax Silica Summit and a planned signing of the Pax Silica Declaration, describing Pax Silica as the Department's flagship effort on AI and supply-chain security. The initial summit was held in Washington, D.C. on December 12, 2025. The State Department fact sheet described cooperation areas including connectivity and data infrastructure, compute and semiconductors, advanced manufacturing, logistics, mineral refining and processing, and energy. == Membership == Pax Silica participation has been discussed in terms of (1) countries that have signed the declaration and (2) countries invited to summit discussions or publicly reported as prospective signatories but which had not (as of mid-January 2026) signed the declaration. === Countries that signed the Pax Silica Declaration === Seven countries signed the declaration at the December 12, 2025, summit in Washington, D.C.: Australia Israel Japan South Korea Singapore United Kingdom United States Some countries who attended the initial conversations did not immediately sign, while additional countries were invited to join after the discussions concluded. The following are the later signatory countries on the declaration: Greece Netherlands (joined December 17, 2025; "non-signing partner") Qatar (joined January 13, 2026) United Arab Emirates (joined January 14, 2026) India (joined February 20, 2026) Sweden (signed March 17, 2026) Finland (signed April 16, 2026) Philippines (signed April 17, 2026) Norway (signed May 6, 2026) === Countries invited / participating, but not yet signed === At launch, US materials and contemporaneous reporting described additional invited participants and observers, including: Canada – observer/participant in related discussions, per US briefing materials; not listed among signatories. Taiwan – participated in summit sessions according to a State Department briefing; not listed among signatories. The Organisation for Economic Co-operation and Development (OECD) and European Union were also noted by US officials as present in an observer capacity, but are not countries.