Leander’s chapter argues that whitelists in commercial security are establishing and consolidating a rule of law marked by managerialism. It closely describes the significance of the mundane, seemingly innocuous whitelists. Whitelists have proliferated as part of governance through Codes of Conduct, Best Practices, Benchmarks and Standards. The chapter shows that these lists stake out regulatory space, establish regulatory relations and prioritize potential (they do work). In the process, they contribute to a regulatory topology where evidence is devalued, conventional legal expertise and criticism devalued (they leave a topological imprint). Together, these momentous shifts skew the rule of law towards managerialism and enshrine the managerialism already there. They mark a shift in the quality of the rule of law but do not necessarily weaken it.