In this episode, we are joined by Edwin Kwan (Head of Application Security and Advisory – Tyro Payments), as he sheds light on the meticulous risk acceptance process and shares his insights on using open source software to build applications swiftly with freely available parts. We explore the challenges of ensuring the security of open source software and the need for due diligence when downloading such software. Edwin raises thought-provoking questions about software verification, maintenance, and security, highlighting the tricky balance between maintaining security protocols and accommodating a wide range of individuals in the workplace.
Stay tuned as we examine the potential risks of using open source software and the complexities of explaining security issues to individuals who may not fully grasp their implications. Edwin shares captivating stories and real-life examples, including incidents where businesses chose to accept high-severity risks rather than investing in their mitigation.
He started out as a software engineer and transitioned into application and information security to lead a range of security initiatives when the company was working towards obtaining an unrestricted banking licence.
He has presented at several events, including RSA, AISA, All Day DevOps, AppSec Day, OWASP and DevSecOps Leadership Forums.
Edwin is also a contributing journalist to the It’s 5:05 Podcast, a daily podcast on open source and cybersecurity news.