Next time you see me, ask me about the plant on the monitor.

I'd ship you maple syrup, but Canada Post is on strike. :-P

Apparently you can subscribe to other people's block lists like this one joabaldwin.com/scrapers. It seems to reduce the noise a little.

I see your cats, and raise you a sleepy dog cuddling her stuffed bunny with her tongue sticking out.

That includes architecting it with security at the beginning instead of assuming that someone will tack somewhere on later to deal with underdeveloped shortcomings.

Agreed, tech changes without consideration of the impact to services around them will be what kills allowlists as a solution. It comes back to my original statement, the vendor or tech creator should be responsible for both understanding what they built, and what is required to support it.

The trick is, where do you place the allowlist for optimal success and you have to be willing or have tooling to assess _everything_ that deviates from allowed activity.

Sure we can, we've been doing allowlisting for years, it's just that most orgs feel it's too complicated and if we don't take the time to understand what we are allowing, our model will be too permissive. Vendors that create solutions could also create the allowlists for the expected platform.