I support the idea overall. It is better to allocate funds to continuous bug bounty for all related projects than just one project. Security is critical for all members. It’s good to see that all smart contract related AIPs are equally treated.
In AIP-134, Immunefi and Llama were chosen and in your proposal are Immunefi and Solidity. Why not keep using the parties in AIP-134 and ask them to do the continuous job? We’ve already allocated 1M $APE to the bug bounty. I think it’s more reasonable to use that fund for future bounties because those funds are highly unlikely to be used up for the staking bounty.
Plus, I think for this kind of long-term project, using dollar amounts for annual grants makes more sense than using $APE. The $APE price could change dramatically in 2 years and those numbers could be much larger (or smaller) by then.