“Sure. Each one of us is wearing an unlicensed nuclear accelerator on our back. No problem.”
Bill Murray as Dr. Peter Venkman, Ghostbusters (1984)
Computer security people tend to fall into one of two camps on design review. People from a formal development background are usually receptive to the design review process. This is only natural, as it maps closely to most formal software development methodologies. The design review process can also seem to be less trouble than reviewing a large application code base manually.
In the other camp are code auditors who delight in finding the most obscure and complex vulnerabilities. This crowd tends to look at design review as an ivory-tower construct that just gets ...