the reverse approach
Systems like Bro define “bad” -- anything they don’t recognize, therefore, is assumed to be good.
- Problem: Your “bad” list is always out of date
Other systems attempt to define “good” -- anything they don’t recognize is “bad”.
- Now, new badness is automatically caught!
- Problem: How do you define “good”?
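The trade-off between the two approaches, as an added example that is not from the original slides: a signature detector (a "bad" list) and a baseline detector (a "good" list) run over the same traffic. The request lines, signatures and baseline are all constructed for illustration, and the labels are ground truth for the demo only.

```python
import re

# Constructed "good" definition: requests seen during a period assumed clean.
BASELINE = ["GET /index.html", "GET /about.html", "POST /login", "GET /img/logo.png"]

# Constructed "bad" definition: patterns for techniques someone has already seen.
SIGNATURES = [
    re.compile(r"\.\./"),               # path traversal
    re.compile(r"(?i)union\s+select"),  # SQL injection
]

# Constructed test traffic with ground-truth labels.
TRAFFIC = [
    ("benign", "GET /index.html"),
    ("attack", "GET /../../etc/passwd"),            # has a signature
    ("attack", "GET /search?q=1 UNION SELECT pw"),  # has a signature
    ("attack", "POST /upload?name=shell.php"),      # new technique, no signature yet
    ("benign", "GET /pricing.html"),                # legitimate page added after the baseline
]

def shape(request):
    """Reduce a request to (method, path), dropping the query string."""
    method, _, target = request.partition(" ")
    return method, target.split("?", 1)[0]

def misuse_alert(request):
    """Define "bad": alert only when a known signature matches."""
    return any(sig.search(request) for sig in SIGNATURES)

GOOD = {shape(r) for r in BASELINE}

def anomaly_alert(request):
    """Define "good": alert on anything outside the learned baseline."""
    return shape(request) not in GOOD

def evaluate(alert):
    """Return (missed attacks, false alarms) for a detector over TRAFFIC."""
    missed = [r for label, r in TRAFFIC if label == "attack" and not alert(r)]
    false_alarms = [r for label, r in TRAFFIC if label == "benign" and alert(r)]
    return missed, false_alarms

if __name__ == "__main__":
    for name, alert in (("define bad", misuse_alert), ("define good", anomaly_alert)):
        missed, false_alarms = evaluate(alert)
        print(f"{name}: missed={missed} false_alarms={false_alarms}")
```

The "bad" list misses the attack it has no signature for, while the "good" list catches every attack but also alerts on the legitimate page that was not in its baseline.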