for universities and organizations

Evaluate the evidence model before standardizing the tool.

Certiv Core can be evaluated today as open-source, local-first software. It is not an enterprise SaaS product. Adoption decisions should separate the usefulness of the receipt format from the controls your organization must operate around it.

evaluation paths

Universities and venues

Evidence intake, not automated peer review.

Test whether receipts make declared computations easier to inspect. Keep methodological review, research ethics, provenance review, and independent reproduction as separate processes.

Read evidence semantics

Research organizations

A portable handoff between collaborators.

Pilot on synthetic or publishable data first. Measure whether teams can understand the receipt, reproduce the environment, and diagnose an intentionally changed input.

Use the examples

Companies and R&D

An internal evidence primitive you operate.

Integrate Core only after threat-modeling proprietary inputs, untrusted code execution, signing keys, retention, authorization, export controls, and decision accountability.

Review deployment controls

recommended pilot

A falsifiable evaluation sequence.

  1. Write the decision criteria and prohibited claims before installing the tool.
  2. Run the published starter example and verify every artifact hash.
  3. Package one synthetic internal workflow with no sensitive or regulated data.
  4. Deliberately alter an input, expectation, and command; confirm each change is surfaced or refused.
  5. Have a reviewer who did not author the package explain exactly what the receipt does and does not prove.
  6. Threat-model the intended deployment and record every operator-owned control.
  7. Adopt only if the evidence improves the existing process without creating a false assurance shortcut.

procurement facts · current release

Known before you start.

AreaCertiv Core 1.1 position
Software licenseApache-2.0; no Core license fee
DeploymentLocal or self-hosted on operator-controlled infrastructure
Data sent to CertivNone by the Core workflow; certiv.org is read-only
Identity and SSONot provided by Certiv; operator responsibility
Support and SLANo commercial support plan or service-level agreement
ComplianceNo SOC 2, ISO 27001, FedRAMP, HIPAA, or accessibility certification claimed
Independent assessmentNot included; organizations must commission their own when required

go / no-go evidence

Continue when

  • reviewers understand the receipt without relying on marketing language;
  • tampering and nondeterminism fail visibly;
  • your deployment can isolate untrusted computation;
  • the evidence boundary remains explicit in downstream decisions.

Stop or redesign when

  • a receipt is treated as proof that a scientific claim is true;
  • operators cannot provide isolation, key, identity, or retention controls;
  • users need a hosted service, contractual SLA, or compliance attestation;
  • the workflow obscures rather than clarifies decision accountability.