Posts: 67 | Thanked: 13 times | Joined on Feb 2008 @ U.S.A.
#97
Originally Posted by Texrat
I don't support that combination, either, but I don't have a problem with requiring real email accounts for bug reporting AND allowing them to be hidden from report views.
Although that would be an improvement, it neglects basic security principles. It's backwards to pursue a model of least security, and then ask to justify policies that are more secure. The way forward is to start with the policy that is most secure (i.e., minimal disclosure), and demand justification when a policy reduces security.

IOW, the question is not why the personal identities of users need to be withheld. The question is why the personal identities of participants on a bug reporting system must be disclosed. From a security viewpoint, there does not exist a rational justification. Registration already covers the need to shut down malicious users.

The only benefit to identity disclosure is attribution. And if a user wants to make sure that they get credit for documenting a bug or workaround, they can do this regardless of whether forced disclosure is in place.