Changelog | October 2025
Security teams need more than intake forms and dashboards - they need structure that supports fast decisions, operational trust, and coordinated response. This release introduces Safe Harbor, a new option empowering organizations to activate legal protection for researchers in bounties. Alongside that, we’ve added tools for tracking context across findings, refining access controls, triggering incidents from critical reports, and improving signal quality at submission. Cantina's Code updates turn fragmented workflows into systems that help teams act faster, align better, and scale securely.
Trigger Incidents from Bounty Findings
Critical bounty findings can now trigger incidents in the MDR product, instantly notifying the on-call incident response team when funds might be at risk. This creates a seamless bridge between bounty programs and real-time incident handling.

Safe Harbor
Safe Harbor is an on-chain legal agreement that protocols can adopt to shield security researchers from legal liability during active incident response. It defines the boundaries of good-faith behavior and offers researchers the clarity they need to take action without hesitation.
Researchers who act under Safe Harbor terms are also eligible for support through the Security Research Legal Defense Fund, which covers legal expenses in qualifying situations.
Cantina now allows protocols to activate Safe Harbor directly when launching a bounty. This provides a formal legal mechanism for whitehat protection from the start.

Notes on Findings
Clients, triagers, and judges can now add notes directly to findings to capture and track important context or updates. Notes are also visible in the findings list for quick access, improving collaboration and cross-team visibility.

New Client Dashboard
The new client dashboard provides an overview of bounty insights and highlights findings that require action. Dedicated sections for reviews and competitions make it easier to navigate across multiple repositories and stay focused on what’s most important.

Easier User & Repository Membership Management
We no longer automatically add all company members to every new repository. This means only the right people are added, which supports access control and reduces notification noise.
Save Filters as Custom Views
Filters on the findings list can now be saved as custom views, either personal or shared with the team. Custom views offer a quick way to return to key lists of findings and keep everyone aligned.

Bounty Reminder Emails
Bounty reminder emails now arrive every 48 hours to highlight findings that need attention, helping maintain timely responses.

Required Deposit for Bounty Submissions
Optionally, BBPs can now require a refundable deposit for bounty submissions. This option helps reduce noise and encourages more thoughtful, high-quality submissions.

What’s Next
This release focuses on bridging reactive security workflows, improving coordination across teams, and giving clients the tools they need to manage fast-moving programs with clarity and control.
Have feedback or ideas? Share them in our product portal or connect with us on X.
