My Take on Application Whitelisting
One of the recent thoughts that I have notices in the last year in discussions with friends in the industry is that whitelisting is of no use do to:
* "It is hard to do"
* "Bypasses exist so why do it"
* "It does not scale"
Those are the 3 most common ones I have heard with my discussions over drinks, chat rooms and lobbycon sessions with friends. I would like to try to address why for me they are not valid and share my thought process and to the why.