
Australian FinTech Veteran Issues Warning on Open Source Supply Chain Security

Application security expert Edwin Kwan talks mitigating open-source supply chain risks

Edwin Kwan's journey into cybersecurity started when he joined Tyro Payments in 2014. The organisation started out as an acquiring bank, processing customer credit and debit card payments on behalf of businesses. Not long after Kwan joined, Tyro was granted a banking licence and became an Authorised Deposit-taking Institution (ADI).

“Being a tech-focused company, we chose to get a banking licence. That required us to meet APRA's CPS 234 security requirements. We needed to uplift our security posture, and I was brought in to build up the company's AppSec program,” Kwan says.

For Kwan, the lack of security buy-in from executives, combined with the push to build quickly by leveraging open-source components without much consideration for their maintenance cost, is a huge challenge for application security.

“I've seen so many organisations where the number of open-source vulnerabilities has spiralled out of control. When you use open-source components, the bulk of your application is written by someone else who is not in your organisation,” Kwan says.

To overcome that challenge, Kwan believes that bringing awareness to the increase in open-source supply chain attacks is key.

“Surfacing that risk to our organisation and what the potential impact is. And showing an easy path for how the organisation can address this,” he says.

It's also critical to constantly learn new practices and read relevant material to stay current. Kwan believes that having a solid network of cybersecurity peers is crucial, so that everyone can learn from each other's experience.

Edwin Kwan will be delivering a presentation at CISO Sydney 2024 and talking about how the software development and application security testing landscapes have changed significantly over the years.

“Not a lot of attention has been given to application security, especially the open-source supply chain. I'll be sharing why this is an important area to focus on and what we can do to address this,” he says.

To find out more about his session, check out the CISO Sydney 2024 agenda and register to attend.