We know more about what is in our sausages than our software.
SBOMs tell us that 3rd-party libraries are patched, but not that the 1st-party code is 25 years old, in a memory-unsafe language, of which only 8% has been touched in the last 4 years.
Transparency has a way to go...
12 months ago