| Finding Status | Explanation |
|---|---|
| New | Once a finding is submitted by the security researcher, it is labelled as New by default. |
| In Review | The finding has been triaged and is being evaluated by the triage team or in collaboration with the client to determine validity and next steps. |
| Rejected | Upon review, if the finding does not meet the criteria or is deemed invalid, the triager or client will mark it as Rejected. |
| Duplicate | A finding is marked as Duplicate when it is the same issue reported by someone else. Duplicates are not rewarded in bug bounty programs. |
| Confirmed | When the finding is valid, it is labelled as Confirmed. |
| Spam | The finding is irrelevant, low-quality, automated, or inappropriate. Both triagers and the client can mark this status. |
| Withdrawn | The researcher has chosen to withdraw the finding. |
| Disputed | The researcher has set this status to challenge the initial decision and request mediation. |
Duplicate or Rejected and you disagree? You can set the finding’s status to Disputed in Cantina Code to trigger mediation. Only findings in Disputed status are eligible for Cantina’s mediation process. See the Mediation Process for Bounties for how escalation works.