Cantina has set forth these guidelines to elucidate how stakeholders can employ the outcomes of a Cantina Managed security review to communicate that necessary security measures have been taken for their respective protocols or projects. We aspire to maintain guidelines that foster mutual respect, champion fairness, and highlight Cantina's credibility as a neutral marketplace in the web3 security domain providing industry-leading quality reviews.
Upon the finalization of the security review report by the researcher team assigned by Cantina - we highly recommend to clients that they publicize the report in whatever medium they deem to be reasonable or best for proselytizing their results for any and all relevant stakeholders.
Below are the guidelines for working with Cantina regarding citations of the Cantina name in any publications or announcements after the final report has been completed:
Prior to publishing we encourage the following:
Good
We are proud to announce that CLIENT has performed a security review through Cantina - the one-stop shop for all your web3 security needs. The security review was conducted by Cantina’s assembled team of top security researchers and is available here for viewing:
REPORT-LINK
Bad
We are proud to announce that we are working with Spearbit to start a review for our protocol. We are waiting for the Spearbit team to finalize but are excited to kick-off this process. Issues Mention of Spearbit instead of Cantina without explicit Spearbit consent Mention of a potential review without finalizing any agreement.
Issues