Trust is a well-understood concept each of us uses in our daily lives. Deploying such trust-based models – with appropriate verification – shows great results in improving the security posture of any organization. Trust-but-verify is a healthy default to have deployed. Implicit trust enables implementation of our most advanced heuristic that detects the most advanced malware attacks, while avoiding the accompanying nightmare that is a high rate of false positives. ReversingLabs static analysis engine employs advanced file decomposition that unpacks software packages and can detect such supply chain attacks early in the attack cycle.”]
Source: https://blog.reversinglabs.com/blog/trust-based-models-and-certificate-whitelisting