Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

deny icon
Deny
allow icon
Accept
All Posts

To All The Tools I’ve Loved Before: The Fling (SCA)

David Brumley
February 22, 2021
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Valentine’s Day has unfortunately come to a close. What follows love? Heartbreak.

That’s right, it's time to dust off your best stationary and bust out the ice cream because we’re writing a series of break up letters. 

What can we say? Life has embittered us...or has it? You’ll have to wait until the end of this To All The Tools I’ve Loved Before four part blog series to find out. 

See below for part 1 of this blog series.  Part two (SAST). Part three (IAST).

--

Dear Software Composition Analysis (SCA),

Our relationship was always light and easy. I loved that about us -- in the beginning that is. 

As our relationship progressed, the breeziness faded and it took me a moment to realize the consequence of that ease. Our relationship lacked substance. We never worked through the problems we had. 

Sure, we were aware of them, but we never took the leap to dive in and dissect them. “They’re not that big of a deal. They’re easy fixes. It’s just a couple swaps to your code,” you’d casually mention, as if it wouldn’t fundamentally change how I function. But one swap became two, which then became five hundred. Your snide comments lingered between us, taking up space like a massive backlog. It was omnipresent. It would take us a while to label it as the silent killer it was, slowly sucking our time and resources until we had nothing left.

I’ve learned that it’s because you were only concerned about the optics of our relationship. What my flaws were and what others might think. Never taking the time to hear my side of the story. To validate whether those flaws were actual flaws. You perceived them to be so and that was that. 

I deserve more. I deserve an AppSec partner who takes the time to look inside me and appreciate the code that makes me, well, me. I need a partner who will take me in more than just a scan.

There’s more out there for me. I’m convinced.

Au revoir,

Your Apps

--

Are all these references flying over your head? Then, you ought to check out Netflix’s hit teen romcom series: To All The Boys I’ve Loved Before.

Want to Learn More About Fuzz Testing?

Tune in to FuzzCon TV to get the latest fuzzing takes directly from industry experts.

Watch EP 01 See TV Guide

Share this post
Blog

Recent Blogs

View All
Mayhem Makers

Introducing Mayhem’s Dynamic SBOM Generation and SCA Validation Feature

We’re excited to announce the release of our latest feature: Mayhem’s Dynamic SBOM Generation and SCA Validation feature.
Read More
Mayhem Tips

Crafting POCs for Fun and Profit using Mayhem

In this five minute tutorial, we'll use Mayhem to generate a Proof-of-Concept (POC) exploit for a buffer overflow using a tiny C program as our running example.
Read More
Mayhem Makers

Mayhem Makers: Josh Thorngren, VP Marketing and Product

“Mayhem Makers” is a Q&A series dedicated to our growing company. For this month’s profile, we talked with Josh Thorngren, VP Marketing and Product at Mayhem.
Read More
View all

Fancy some inbox Mayhem?

Subscribe to our monthly newsletter for expert insights and news on DevSecOps topics, plus Mayhem tips and tutorials.

By subscribing, you're agreeing to our website terms and privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Add Mayhem to Your DevSecOps for Free.

Get a full-featured 30 day free trial.

Company
AboutCareersPressEvents
Support
Docs & TutorialsContact
Connect with us
© 2024 ForAllSecure
Privacy PolicyTerms of UseCookies Settings
This is some text inside of a div block.

Complete API Security in 5 Minutes

Get started with Mayhem today for fast, comprehensive, API security. 

Get Mayhem

Maximize Code Coverage in Minutes

Mayhem is an award-winning AI that autonomously finds new exploitable bugs and improves your test suites.

Get Mayhem