Open source usually gets justified in business terms: it lowers development cost, attracts contributors, avoids lock-in. Fine reasons. But for software whose entire job is to be trustworthy, there is a sharper one, and it has nothing to do with saving money.
A trust claim you cannot independently verify is not a guarantee. It is an advertisement. And integrity software lives or dies on whether anyone believes the claim.
Secrecy is not security
There is a persistent instinct to keep security software closed "so attackers can't study it." Cryptographers abandoned that idea more than a century ago. Kerckhoffs's principle holds that a system should stay secure even when everything about it except the key is public. If your design only works because nobody has read it, you do not have a secure design — you have a secret, and secrets leak.
Closed integrity software asks customers to trust two things at once: that it works, and that the people who wrote it are honest about it working. Open source collapses that to one. You do not have to trust us. You can check.
"Trust us" is a marketing position. "Read the code" is an engineering one.
What auditability buys an exam programme
For a proctoring or delivery system, the stakes of that difference are concrete. When you flag a candidate, you may have to defend the decision — to an appeals board, a regulator, sometimes a lawyer. "The vendor's algorithm decided" is a weak position. "Here is exactly what the system observed, and here is the published code that processed it" is a strong one. Transparency is not just principle; it is evidence you can stand behind when a result is contested.
It also means the security claim is continuously tested by people who do not work for us. That is uncomfortable and it is the point. A flaw found by an external reader is a flaw fixed before it becomes an incident.
Why we built OroLink in the open
This is the reasoning behind OroLink being open source, and behind the code we publish on GitHub. We make a specific claim: that we capture what the candidate actually sees, before the tools that hide from screen capture can intervene, the mechanism we described in "why remote proctoring is blind". That claim is only worth anything if you can verify it. So we let you.
The broader movement here is real: institutions like the Linux Foundation are built on the premise that critical infrastructure is more trustworthy when it is inspectable. Integrity software is critical infrastructure for anyone whose credential means something. It should be held to the same bar.
The trade-off, honestly
Open source is not free of downsides. You expose your design choices to critics, you cannot hide behind "proprietary," and yes, adversaries can read it too. Publishing the code also settles only part of the question: a reader can verify what the source does, but still has to be able to confirm that the build they actually run was produced from that source, which is why signed releases and reproducible builds matter as much as the repository itself. We think that is a good trade for software whose only product is trust. If your security depends on the code staying secret, the secret was already the weakness. Better to build something that survives being read.