My previous post on whitelisting has generated a lot of comments. Buried in the comment stream, I made this statement:
I look forward to the time (hopefully soon) when an industry consortium or worldwide standards effort brings together legitimate ISVs to create a shareable whitelist for all to use.
Whitelisting is foundational to any information security protection strategy. It is key to one of my areas of research on Application Control. At the application level, the problem I see is that there are multiple, overlapping efforts to build an industry-wide database of “known good” applications.
- Bit9 is an Application Control vendor that has built a significant repository with its Global Software Registry.
- SignaCert is a whitelisting vendor primarily used for configuration and drift management that has built its Global Trust Repository.
- The US government’s National Institute of Standards and Technology has created its National Software Reference Library.
- The US National Drug Intelligence Center within the US Department of Justice has created HashKeeper to assist in forensics investigations (by enabling investigators to eliminate known-good application and system files, or to focus quickly on files/content known to be bad).
If anyone knows of more, please add them as a comment. The point is, this is a problem the software industry can help solve. Why do we need multiple, competing efforts to build this database? Why don’t legitimate ISVs get together and agree on a standard so that ISV-level data can be gathered directly from authors and shared as a public service? A standards group like the TCG could help define the application metadata exchange format with broad industry support.
Seems like a no-brainer to me.
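To make concrete what the repositories listed above actually hold and why a shared exchange format would help, here is an added example (my own illustration, not code from Bit9, SignaCert, NIST or HashKeeper): an ISV publishes content hashes for its release files, the resulting registry is round-tripped through a simple CSV layout standing in for the exchange format the post asks for, and a host's file inventory is then triaged into known-good, known-bad and unknown by content hash alone. The product names, file contents, paths and the "known bad" digest are all constructed for the demo; the CSV column layout is an assumption, not any registry's real schema. The point the example makes beyond the prose is that matching is keyed on the file's hash, never its name, so a renamed copy of a legitimate binary still matches while a tampered file carrying a legitimate name does not.

```python
import csv
import hashlib
import io


def sha256_hex(data: bytes) -> str:
    """Content hash used as the registry key (SHA-256 chosen for the demo)."""
    return hashlib.sha256(data).hexdigest()


def build_registry(published_files):
    """Build {content_hash: (product, filename)} from what an ISV publishes.
    published_files: iterable of (product, filename, content_bytes)."""
    registry = {}
    for product, filename, content in published_files:
        registry[sha256_hex(content)] = (product, filename)
    return registry


def export_registry(registry) -> str:
    """Serialise a registry as CSV: a toy stand-in for a shared exchange format
    (assumed layout; not the schema of any real repository)."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["sha256", "product", "filename"])
    for digest, (product, filename) in sorted(registry.items()):
        writer.writerow([digest, product, filename])
    return buf.getvalue()


def import_registry(text: str):
    """Parse CSV in the export_registry layout, e.g. a list published by another party."""
    registry = {}
    for row in csv.DictReader(io.StringIO(text)):
        registry[row["sha256"].strip().lower()] = (row["product"], row["filename"])
    return registry


def triage(inventory, known_good, known_bad=frozenset()):
    """Classify files by content hash only; filenames and paths are never used for matching.
    inventory: iterable of (path, content_bytes).
    Returns {"known_good": [...], "known_bad": [...], "unknown": [...]} of (path, sha256)."""
    result = {"known_good": [], "known_bad": [], "unknown": []}
    for path, content in inventory:
        digest = sha256_hex(content)
        if digest in known_bad:           # a known-bad hit is authoritative, checked first
            result["known_bad"].append((path, digest))
        elif digest in known_good:
            result["known_good"].append((path, digest))
        else:
            result["unknown"].append((path, digest))  # neither list: needs a human or more data
    return result


# Constructed sample data: two fictional ISVs publishing their release files.
PUBLISHED = [
    ("Example Editor 1.0", "editor.exe", b"EDITOR-BINARY-v1.0"),
    ("Example Editor 1.0", "editor.dll", b"EDITOR-HELPER-v1.0"),
    ("Example Archiver 2.3", "archiver.exe", b"ARCHIVER-BINARY-v2.3"),
]

# Constructed: one digest an investigator already knows to be malicious.
KNOWN_BAD = {sha256_hex(b"DROPPER-SAMPLE")}

# Constructed host inventory: a pristine install file, a renamed but byte-identical copy,
# a legitimately named but modified library, a known-bad file, and a file nobody has listed.
HOST_FILES = [
    ("C:/Program Files/Editor/editor.exe", b"EDITOR-BINARY-v1.0"),
    ("C:/Users/alice/Downloads/ed_copy.exe", b"EDITOR-BINARY-v1.0"),
    ("C:/Program Files/Editor/editor.dll", b"EDITOR-HELPER-v1.0-PATCHED"),
    ("C:/Users/alice/AppData/Temp/update.exe", b"DROPPER-SAMPLE"),
    ("C:/Users/alice/tools/script.ps1", b"Get-Process"),
]


def demo():
    """Publish, share (export + import), then triage the host inventory against the shared list."""
    shared = import_registry(export_registry(build_registry(PUBLISHED)))
    return triage(HOST_FILES, shared, KNOWN_BAD)


if __name__ == "__main__":
    for bucket, files in demo().items():
        print(bucket)
        for path, digest in files:
            print(f"  {path}  {digest[:12]}...")
```

Running the script puts both copies of `editor.exe` under known-good (same bytes, different path), the patched `editor.dll` under unknown despite its legitimate name, and `update.exe` under known-bad. In practice a shared registry would also carry publisher identity, version and signing information, which is exactly the metadata an industry exchange format would need to standardise.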