In many cases it is a good thing to open up your whitelist to those who ask. A good real-world example is ISP whitelists, mostly for e-mail.

ISP efforts to block malicious e-mails rely heavily on blacklists, but also on whitelists. Known good senders are whitelisted partly for performance but mostly so they don't get false positives.

As a service provider using a whitelist, you want as many legitimate senders as you can get onto that list. That's why many ISPs have open invitations to senders to apply for their whitelists.

The integration of Reputation Services with application whitelisting, AWL, provides a unique opportunity to streamline list management and simplify the administration of whitelists as business needs and threats change. I’m excited about Reputation Services because it can allow endpoint security to be dynamic with the business. 

Why are there no secure computers?

I have asked this question in various forms over the years, most recently at Focus.com.  Why, if security is so important, are there no computer brands that market and sell “secure computers”?   Is it because manufacturers don’t want to imply their other computers are not secure? Is it too much liability? Is there no demand? Or, is it impossible to secure a computer?

Today, more than 2 million new malware signatures are identified each month. And more organizations are falling prey to “zero-day” attacks – malware for which an anti-virus signature does not exist. It’s no surprise that roughly half of the organizations surveyed in the 2011 State of Endpoint Risk study done by the Ponemon Institute reported an increase in their IT operating expenses - a main driver of that cost increase was malware. Traditional anti-virus simply can’t keep up in the malware arms race and relying on it as your primary defense will prove costly.