What I’m trying to push back on is your assertion that everyone can do it.
Security auditing is an extremely complex and specialized field within the already complex and specialized field of software development. Everyone cannot do it.
Even if it were as straightforward as you imply, just the prevalence of major security flaws in thousands of open source packages implies that everyone doesnt do it.
If I were to leave piles of aggregate and cement, barrels of water, hand tools and materials for forms, a grader and a compactor out and tell the neighborhood “now you can all pave your driveways” I’d be looked at like a crazy person because presented with the materials, tools and equipment to perform a job most people still lack the training and experience to perform it.