Author: David Baker
Word count: 963
Language: English
Hacker News points: None

Summary

Google has raised its top reward for remote code execution bugs in its Google, Blogger, and YouTube domains by 50%, as a show of appreciation for the significant time researchers dedicate to the program. The move highlights how difficult it is to decide when to adjust bounty payout ranges. Because setting up and maintaining a successful program is hard, managed bug bounty programs are becoming the norm; organizations that work with a trusted partner can get the most out of their programs by starting on the right foot and defining the scope and pricing of targets, both of which are critical to success. The value of a bug is subjective: it varies with the organization's goals, targets, and the size of its security team, so organizations must weigh business impact and market trends to price bugs correctly. A "crawl, walk, run" strategy is recommended, increasing rewards as it makes sense for the security organization, while staying competitive by offering a wide scope with interesting targets, running a coordinated disclosure program, and marketing the program to demonstrate security posture. Ultimately, attracting top researchers requires fair and competitive payment.