Background Concepts
Version-independent articles explaining the regulatory and technical context behind TrustSource features. These are linked from feature pages throughout the documentation.
| Article | Topic |
|---|---|
| Cyber Resilience Act | EU CRA — product classification, manufacturer duties, conformity. |
| NIS2 Directive | Network and Information Security — scope, obligations, penalties. |
| Supply Chain Security | SLSA, in-toto, SBOMs as defense. |
| Continuous Testing | Shift-left, CI/CD, SARIF, security testing. |
| Product Security | PSIRT, security-by-design, CSAF workflows. |
| Crypto Agility | What it means, why it matters, practical steps. |
| Post-Quantum Security | NIST PQC standards, migration paths. |
| Export Controls | Dual-use, EAR, ECCN, sanctions. |
| Malware Identification | YARA, ClamAV, supply chain malware. |
| SBOM Formats | SPDX vs CycloneDX — when to use which. |
| VEX in CSAF | Vulnerability Exploitability eXchange. |