User blog comment:MisterWoodhouse/Introducing the Fandom Bug Bounty Program/@comment-25646820-20190724225618

I am 100% fully in support of this. I also work for a company that has a bug bounty and a very large (several hundred thousand active users) userbase. As such, we often get duplicate reports, so I would recommend getting started on crafting two things:


 * 1) A policy that says, in essence, FCFS.
 * 2) A polite, thankful note to send to the second and subsequent reporters saying that you've already got that report (with a link to the report) and a link to the policy.

Trust me, it will save you a lot of grief in the long run.

One question, though: does the bounty only apply to security bugs/vulnerabilities or bugs in general?