by hamburglar 4101 days ago
On point 1, how do they even expect a researcher to know that some other researcher has found the exact same bug if it's not disclosed yet? This seems like a fake rule whose only possible effect is to suppress disclosure.
1 comment

Exactly. Their word is as good as mine, right? This is the biggest problem I see in bug bounty programs. You are at the mercy of the program.
Isn't this a "solved problem"? You publish a hash of each report when it's received (or sent, if you're the sender intending to establish precedence), then it's clear when all reports are revealed which ones were reported in which order.

It doesn't let you know what others have discovered/reported, but it solves the "their word against my word" problem...

(Of course, if they're actively trying to minimise bug bounty payouts and are prepared to screw over people attempting "responsible disclosure" to do so, they've got a lot of motivation to _not_ implement this from their side. Doesn't stop researchers posting hashes when they make reports, then the rest of us being able to verify those hashes when the bug is publicly disclosed.)
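A minimal version of the hash-and-reveal scheme described in the comment above, written as an added example (it is not part of the original thread). The researcher names, report text, nonces and timestamps are constructed; in practice the timestamp is whatever date a public posting of the hash can be pinned to. The nonce is the one detail the comment leaves out: a bare hash of a short report can be brute-forced from candidate texts, so the commitment is over a random nonce plus the report.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed example of a commit-reveal scheme for bug reports: publish
# sha256(nonce || report) when the report is sent, reveal (report, nonce) once
# the bug is public, and let anyone order the verified hashes by posting time.


@dataclass(frozen=True)
class Commitment:
    researcher: str      # who posted the hash (hypothetical names in demo())
    published_at: str    # when the hash was posted; ISO-8601 so strings sort in time order
    digest: str          # hex sha256(nonce || report)


def make_commitment(report: str, nonce: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Return (hex digest, nonce). A fresh 32-byte nonce is drawn if none is given."""
    if nonce is None:
        nonce = secrets.token_bytes(32)
    digest = hashlib.sha256(nonce + report.encode("utf-8")).hexdigest()
    return digest, nonce


def verify_commitment(digest: str, report: str, nonce: bytes) -> bool:
    """True iff the revealed (report, nonce) pair hashes to the published digest."""
    expected = hashlib.sha256(nonce + report.encode("utf-8")).hexdigest()
    return hmac.compare_digest(expected, digest)


def precedence(commitments: List[Commitment],
               reveals: Dict[str, Tuple[str, bytes]]) -> List[str]:
    """Order researchers by when their *verified* commitment was published.

    Reveals that do not open the published digest are dropped: a hash nobody
    can open establishes nothing, however early it was posted."""
    verified = [
        c for c in sorted(commitments, key=lambda c: c.published_at)
        if c.researcher in reveals
        and verify_commitment(c.digest, *reveals[c.researcher])
    ]
    return [c.researcher for c in verified]


def demo() -> List[str]:
    # Two researchers report the same (constructed) bug; a third posted a hash
    # earlier but of unrelated text and now claims the bug anyway. Fixed nonces
    # keep the demo deterministic.
    report = "Stored XSS in profile bio: <img src=x onerror=alert(1)> is not escaped"
    alice_digest, alice_nonce = make_commitment(report, b"A" * 32)
    bob_digest, bob_nonce = make_commitment(report, b"B" * 32)
    mallory_digest, _ = make_commitment("some unrelated text", b"M" * 32)

    commitments = [
        Commitment("bob", "2013-06-02T09:15:00Z", bob_digest),
        Commitment("alice", "2013-06-01T17:40:00Z", alice_digest),
        Commitment("mallory", "2013-05-30T08:00:00Z", mallory_digest),
    ]
    reveals = {
        "alice": (report, alice_nonce),
        "bob": (report, bob_nonce),
        "mallory": (report, b"M" * 32),   # claims the bug, but the digest was of other text
    }
    return precedence(commitments, reveals)


if __name__ == "__main__":
    print(demo())  # ['alice', 'bob']
```

Note what the hash does and does not prove: it shows that whoever posted it knew the report text at posting time, which settles "their word against mine" about ordering. It says nothing about whether the report was actually delivered to the program, and the ordering is only as trustworthy as the place the hashes were posted.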