Yes. There was never a real problem figuring out who reported it first.
Duplicate reports are likely the most frustrating thing most security researchers will encounter. They put in a ton of work into finding the bug, developing a proof of concept and writing up a detailed report with the hope and expectation of being awarded for their effort. So when the triage team comes back and says it’s a duplicate and there will be no award, it's incredibly maddening. If someone needs to vent in my direction because of that, I can totally understand. The *problem* was trying to remain diplomatic with people who would sit there and repeatedly claim they were actually first, or that it wasn't a dupe, or that all of this was far too sophisticated for me to understand. Then, finding no sympathy from me, go to Twitter to wail and moan and bash the program with impunity because they know that the org won't respond in kind.
Maybe they should be allowed to. If it is someone that is seriously being that petulant about something, then the Org could post dates of correspondence, and even quote petulant temper tantrum once it escalates beyond civility. Once the user name gets out there, other bounty programs could just put a blanket ignore and drive the petulant person into obscurity. But of course it is the today&now, and nobody actually believes facts anymore.
I worked with some true geniuses back then, and the idea of watching them systematically dismantle idiots in a public forum would give me chills. Alas, it wasn't to be. :)