Hacker News new | comments | show | ask | jobs | submit login

You apologise and pay the guy. Then you write it up as a public case study in very simple English. At each step point out what he should have done. That means the next people know what to do, and everything comes out positively from this.

At the moment the loud and clear message is that there are far more welcome places than Facebook to report found issues.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact