from Hacker News

With more and more tools using cert pinning as a best practice (eg - having and maintaining their own cert keystore) and more and more companies requiring DLP software for their vendors - how can this be managed without causing enormous pain for software developers?

As DLP software currently works to essentially man-in-the-middle attack secure traffic; any cert pinned tool will fail without figuring out a workaround.

Does anyone have any good ideas or solutions for this? Adding certs or disabling SSL seems to be an afterthought in many tools.