To All The Tools I’ve Loved Before: The Fling (SCA)

David Brumley
February 22, 2021
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Valentine’s Day has unfortunately come to a close. What follows love? Heartbreak.

That’s right, it's time to dust off your best stationary and bust out the ice cream because we’re writing a series of break up letters. 

What can we say? Life has embittered us...or has it? You’ll have to wait until the end of this To All The Tools I’ve Loved Before four part blog series to find out. 

See below for part 1 of this blog series.  Part two (SAST). Part three (IAST).


Dear Software Composition Analysis (SCA),

Our relationship was always light and easy. I loved that about us -- in the beginning that is. 

As our relationship progressed, the breeziness faded and it took me a moment to realize the consequence of that ease. Our relationship lacked substance. We never worked through the problems we had. 

Sure, we were aware of them, but we never took the leap to dive in and dissect them. “They’re not that big of a deal. They’re easy fixes. It’s just a couple swaps to your code,” you’d casually mention, as if it wouldn’t fundamentally change how I function. But one swap became two, which then became five hundred. Your snide comments lingered between us, taking up space like a massive backlog. It was omnipresent. It would take us a while to label it as the silent killer it was, slowly sucking our time and resources until we had nothing left.

I’ve learned that it’s because you were only concerned about the optics of our relationship. What my flaws were and what others might think. Never taking the time to hear my side of the story. To validate whether those flaws were actual flaws. You perceived them to be so and that was that. 

I deserve more. I deserve an AppSec partner who takes the time to look inside me and appreciate the code that makes me, well, me. I need a partner who will take me in more than just a scan.

There’s more out there for me. I’m convinced.

Au revoir,

Your Apps


Are all these references flying over your head? Then, you ought to check out Netflix’s hit teen romcom series: To All The Boys I’ve Loved Before.

Want to Learn More About Fuzz Testing?

Tune in to FuzzCon TV to get the latest fuzzing takes directly from industry experts.

Watch EP 01 See TV Guide

Share this post

Fancy some inbox Mayhem?

Subscribe to our monthly newsletter for expert insights and news on DevSecOps topics, plus Mayhem tips and tutorials.

By subscribing, you're agreeing to our website terms and privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Add Mayhem to Your DevSecOps for Free.

Get a full-featured 30 day free trial.

This is some text inside of a div block.

Complete API Security in 5 Minutes

Get started with Mayhem today for fast, comprehensive, API security. 

Get Mayhem

Maximize Code Coverage in Minutes

Mayhem is an award-winning AI that autonomously finds new exploitable bugs and improves your test suites.

Get Mayhem