Skip to main content
Cantina’s bug bounty programs connect protocols with vetted security researchers to identify real-world vulnerabilities in live code, featuring intelligent filtering and transparent reporting.

Program Setup

This phase involves establishing your bug bounty program, from setting up the platform to configuring the security frameworks. The Cantina team will assist in ensuring all necessary settings are tailored for your organization’s goals and security needs.

Scope Definition

Defining the boundaries of your bug bounty program, including which systems, components, and protocols are in scope. A well-defined scope ensures high-quality submissions and efficient resource allocation for both researchers and your development team.

Vulnerability Reporting

When a researcher discovers a vulnerability, they report it through the Cantina platform. The report includes steps to reproduce, severity level, and suggested remediation, ensuring a clear and actionable report for your team.

Triage Process

All reported vulnerabilities go through a structured triage process. Our team evaluates the severity and impact, prioritizing issues based on risk. This process ensures that your team can focus on the most critical vulnerabilities first.

Rewards and Payments

Once vulnerabilities are confirmed and validated, the reward payout process begins. Cantina ensures seamless and timely payments to researchers based on severity, ensuring a fair and transparent reward system.

Disclosure Policy

Cantina’s disclosure policy governs how vulnerabilities are handled and disclosed, including communication guidelines with the researcher and public disclosure protocols. We ensure that all disclosures are managed securely and transparently, protecting both the researcher and the organization.