
Did you consider if you should have shared this admission of what probably amounts to criminal activity in the USA?

The FB "whitehat" pages to my reading are in no way giving you a right to "security test" their servers. Their statement appears more like an amnesty, akin to "if you did happen to shoplift from Walmart and you choose to return the goods unspoilt, packaged and in saleable condition, then we won't prosecute you".

They also say, FWIW, that "Security bugs in third-party applications" are not included in the program; so that would rule out attempting to compromise Mailman.

Moreover, they say "Security bugs in Facebook's corporate infrastructure" are ruled out from their program, which to my mind rules out compromises on Phabricator - it's not a part of the publicly facing Facebook site but instead is a backend tool.

knock knock

If you were in the UK you'd be getting an extradition order for this based on recent history.



Facebook's Responsible Disclosure Policy applies to all Facebook properties. The exceptions you outlined specifically apply to our bounty program. Basically, we may not pay a cash reward for a security issue reported in Mailman (an open source tool), but we still appreciate the responsible disclosure and you absolutely shouldn't be worried about a lawsuit.



