Episode 215 Deep Dive: Edwin Kwan | Navigating the Wild West: Tools and Techniques to Assess the Security and Integrity of Open Source Software

In this episode, we are joined by Edwin Kwan (Head of Application Security and Advisory – Tyro Payments), as he sheds light on the meticulous risk acceptance process and shares his insights on using open source software to build applications swiftly with freely available parts. We explore the challenges of ensuring the security of open source software and the need for due diligence when downloading such software. Edwin raises thought-provoking questions about software verification, maintenance, and security, highlighting the tricky balance between maintaining security protocols and accommodating a wide range of individuals in the workplace.

Stay tuned as we examine the potential risks of using open source software and the complexities of explaining security issues to individuals who may not fully grasp their implications. Edwin shares captivating stories and real-life examples, including incidents where businesses chose to accept high-severity risks rather than investing in their mitigation.

Edwin a cybersecurity specialist whose approach towards security is to raise awareness, provide light touch controls to the software development life cycle to increase visibility of security issues, and work closely with engineering teams to quickly develop secure applications.

He started out as a software engineer and transitioned into application and information security to lead a range of security initiatives when the company was working towards obtaining an unrestricted banking licence.

He has presented at several events, including RSA, AISA, All Day Dev Ops, AppSec Day, OWASP and DevSecOps Leadership Forums.

Edwin is also a contributing journalist to the It’s 5:05 Podcast, a daily podcast on open source and cybersecurity news.