Bug Bounty

Use this section to find everything you need to participate in Cantina bug bounty programs: from getting started and understanding finding statuses to payouts, deposits, and mediation.

Getting Started

Guidelines for participating in bug bounty programs, including severity classification, scope, and eligibility.

Finding Statuses

How findings are categorized—New, In Review, Confirmed, Duplicate, Rejected, Spam, Withdrawn, and Disputed—and what each means for your submission.

Bounty Severity Classification

Standardized framework for evaluating vulnerability impact and likelihood across bounty programs.

Deposits for Bounty Submissions

When deposits are required, how to add balance, and how refunds and slashing work.

Bug Bounty Payout

Prerequisites for receiving payouts, payout schedule, and what to expect after your finding is confirmed.

Mediation Process

How to escalate a dispute and work with Cantina when you disagree with a client’s decision.

Finding Status Bug Bounty Participation

⌘I

About Cantina

For Organizations

For Security Researchers

Evaluations and Standards

Referral Program

Resources