
As an infosec professional myself, I applaud you for the stance you take. Offering a public bug bounty is an excellent way to allow researchers to conduct their experiments in an ethical fashion while protecting all parties involved.

At first glance at the article, it seemed that Facebook may have reneged on its offer of protection, but based on your explanation, it now seems that the hacker was indeed malicious, and only used the "white hat defense" as a shield.

I'm a huge advocate of ethical and responsible disclosure, so kudos to you for encouraging it where appropriate.


