Cantina now supports Safe Harbor as an opt-in legal safeguard for protocols launching bug bounty programs. This addition enables organizations to formally protect whitehats who respond during live exploit scenarios and encourages deeper collaboration between researchers and protocol operators.
Bug bounties play a vital role in defense, but during active threats, protocols need more than scoped submissions. They need structure, protection and a recognized legal standard.
Protecting Those Who Act When It Matters Most
Safe Harbor is an on-chain legal agreement that protocols can adopt to shield security researchers from legal liability during active incident response. It defines the boundaries of good-faith behavior and offers researchers the clarity they need to take action without hesitation.
Researchers who act under Safe Harbor terms are also eligible for support through the Security Research Legal Defense Fund, which covers legal expenses in qualifying situations.
Cantina now allows protocols to activate Safe Harbor directly when launching a bounty. This provides a formal legal mechanism for whitehat protection from the start.
Why This Matters
Cantina is built for coordinated, structured engagement between protocols and researchers. Including Safe Harbor strengthens this mission, particularly during high-pressure moments when system integrity is at risk.
This integration enables:
- Legal protection for researchers who respond in good faith
- Increased trust and participation from the security research community
- Clear alignment with open, transparent disclosure standards
- A stronger, shared foundation for responsible incident response
A Shared Commitment to Researcher Safety
Security researchers play a critical role in strengthening decentralized infrastructure. By supporting Safe Harbor, Cantina deepens its commitment to creating a security environment based on trust, clarity, and shared responsibility.
We are proud to partner with the Open Security Alliance in advancing protections for those who secure the systems we rely on.
Protocols interested in activating Safe Harbor can reach out to us to explore the program setup workflow.