Auditors help the general public verify, find issues in, and summarize the requirements and claims presented by an Openly Operated products. Transparency doesn't help gauge trustworthiness if very few people understand or have time to look through a product's public audit materials, so auditors help make sense of them, saving everyone time and effort.

Why Be An Auditor?

• A Safer Internet - By looking into and verifying the inner workings of apps and services, you can help secure the products that you use, and also recommend products to friends and family that you can personally vouch for.
• Learn and Gain Experience - Because Openly Operated products are fully open source and open infrastructure, you can learn to be a better developer and architect by auditing and understanding how these products work.
• Earn Money Or Credits - Auditors can do their work for free if they want, but they can also be compensated by the operator in different ways — an avid user of a product might get a free year or lifetime subscription, or the operator might simply pay a sum of money.

Be An Auditor

Currently, the Openly Operated auditors consist of a handful of engineers that are familiar with the Openly Operated requirements, but we'll soon open it up to anyone who wants to audit, and we're now working out the best way to onboard new auditors and helping them through their initial audits. Contact us here to let us know you're interested in joining.

The Audit Process

Once an auditor is matched with a product and its Audit Kit and Audit Template, the Openly Operated audit process begins:

1. Receive and Accept OpenAudit Request - The auditor receives a request for audit on the OpenAudit platform, and then accept it.
2. Verify OpenAudit References - Each OpenAudit document contains references that must be verified. The auditor opens the document in "Audit" mode, and verifies each reference to make sure it sufficiently and accurately backs the claim.
3. Mark Audit as Complete - Once all references have been verified, the auditor marks the audit as complete.
4. Receive Payment - The administrators of the OpenAudit platform do final checks on the document, and then release payment to the auditor.

Auditing Tools

Since infrastructure audit logs can easily be many gigabytes, we built Open Watch, an open source tool that automatically parses through infrastructure logs to verify their integrity and look for violations of Openly Operated tenets. It's designed for infrastructure logs generated by Amazon Web Services' CloudTrail audit trail service.

The Near Future

Auditors play a very large role in the future of the internet. As more apps and services become open to improve privacy and security, their complex inner workings will require more dedicated specialists to both help find issues and increase public understanding in them. Technology companies today have both the responsibility and the resources to ensure every part of their products are properly and publicly audited.