Companies have implicit whitelists
Since this is about corporate behaviour, not home users, the whole thing about users downloading stuff onto the company's machines should be moot. Users simply shouldn't be installing anything and anything that does get installed should come by way of the IT dept (isn't that one of their primary functions? or am I being old-fashioned?) and be on their list of approved applications and be sourced from themselves and ONLY from them.
So for companies, they already have a list of apps they are happy for users to use. Ones they can support, that they know will play nice with the other apps and that have been properly acquired through a legal channel.
Again, we're not talking about home users here so "drive-by download sites" simply should not be an issue (and aren't that hard for the compliance people to spot - you DO scan machines for unlicensed softs, don't you?). So I'd expect that any company that is doing their IT even half-right already operates a white-list, although they probably don't call it that. Not after the political officer has had a word, anyway.