Law, Ethics and Responsible Disclosure
The ethics are quite abstract yet logical at the same time. They are written in an abstract manner, so they could apply to things other than hacking, which makes them logical as well. Many things you wouldn't do to someone in real life you wouldn't do online either. I think it's the same point these guys tried to make, except badly executed.
In my opinion the internet is one of the last few free places there are in the world. Though it is sometimes tightly controlled by governments (look at China or North Korea), people still find ways around the system to express their voices. I agree with the ethics being like gentlemen's rules: just don't be a dick to someone, and don't do anything you wouldn't want done to yourself. But this doesn't include expressing your opinion, even though it might hurt some people. On the internet you still have the right to say those things, just as other people have the right to disagree and say something about it. In the real world, when you say something wrong, people will call it a form of discrimination and you'll get prosecuted, which undermines freedom of speech and creates more and more censorship.
These are the responsible disclosures of companies I compared.
The first thing that stood out to me was the rewards. While Google and Apple, being big corporations, reward people with big sums of money, Fontys rewards them by putting their name on the wall of fame. Looking at other smaller companies, it is more common to give some merchandise, put their names on the hall of fame, or give a small amount of money compared to the big numbers Google and Apple are giving as rewards.
What they all have in common is that they want a fully detailed report of what you did so they can reproduce the scenario. None of them want you to make anything public before they have had a chance to fix it, or to dig any deeper into sensitive data than is necessary to prove the vulnerability.
They all also state that even if you did something illegal while proving the vulnerability, they won't pursue any legal action as long as you follow their responsible disclosure and their rules.
It is quite logical that companies don't prosecute these people and give them rewards instead, because if you think about it they will lose far less money when they pay these rewards than if they get hacked by a real threat. Looking at this website, a lot of companies share that same ideology.