Re: Quality of Directorate reviews

Maybe we have the wrong model for security reviews and this is in part the result of the RFC series being kitchen sink.

Some reviews are so trivial as to be irrelevant. In other cases you get a document where the security considerations section is a link to another document that is nothing but security considerations.

Maybe what we need is a structure that assigns multiple reviewers for some projects and rubber stamps others.

Also note that I am a designer and my skill set is quite different to that of a hacker. I can show people a way to do a job so that there is a very small chance of getting it wrong. But that's not the same as spotting their mistake if they decide to do it their way.

Another concern I have is formal methods, and before folk start squawking about how they are necessary: my doctoral thesis is on formal methods, and my college tutor was Tony Hoare, so I know what they are capable of. What worries me is that systems we can prove to be secure seem to be turning out to be fragile in the real world.

If folk want an extreme example, look at BTC: the cryptography of the blockchain is unbreakable. Yet I spent this morning talking to a friend dealing with the aftermath of a relative who has literally lost everything to a corrupt exchange scheme.
