I like whitelists because we can carefully select what can be used and it's much harder to accidentally have bad things fall through. Also there are things like IPs, ports, usernames, etc. not marked as secret that can used used in part as a social engineering attack.
On the other hand this could be very tedious to manage, but I can't imagine there is more than a handful of things that could be used in endpoints.
I like whitelists because we can carefully select what can be used and it's much harder to accidentally have bad things fall through. Also there are things like IPs, ports, usernames, etc. not marked as secret that can used used in part as a social engineering attack.
On the other hand this could be very tedious to manage, but I can't imagine there is more than a handful of things that could be used in endpoints.