Yeah, as Brod asks, why are you wanting to make your own?
When you're talking about too limited database, are you indicating their whitelist or their signatures engine? If it's the signature engine, you can find that quite a few AV vendors have been using Bitdefender engine (Zonealarm uses Kaspersky). Though it will need a good budget, that's one of the best ways to start.
Regarding lists of trusted vendors/applications, different AV vendors have been formulating their list in various ways from what is much known.
Some started with a small list of famous vendors that could be easily trusted and then went on adding new vendors as they discovered. Some AV vendors gather data about more and more vendors/their digital certificates from their worldwide clients running programs of such vendors.
Comodo issues SSL certificates to clients you know. Also different software developers can get their signatures added to the Comodo Security products so that those can be trusted after verification. There might be better sources too. I'm not sure if they directly get this data from other institutions, that needs trust and collaboration.
All this is how some renowned AV vendors add to their trusted list. The whitelisting approach they adopt is mainly through the huge database of files they have due to their reach. Those files could be analysed by their analysts, their automated ML analysers or via crowd (user) preferences or a mix of these.
To answer your needs, I'm not sure how 'you' can 'directly get such a list'. Many aspiring devs usually incorporate their in-house engines and some external engines and start primarily with signatures and BB only. Some gather hash/file data from sites like VirusTotal, also incorporate the VT API for multi-engine results. A simple way to know how to get these trusted files/vendors list via contacting such devs who've already done this.