It is true that the code is Open Source, but an ordinary software developer with no knowledge of cryptography and peer-to-peer communication would not be able to spot malicious code.
I somehow fail to understand this.
A developer, it he's good enough, will spot the malicious cod if it's there, this is not related to cryptography...
The analysis should be performed by a specialist or better by a team of specialists, all of them with verifiable academic background.
You do have a somehow valid point here, but it's still odd. Let me explain.
Meaning, if Monero team would pay for such a review/analysis, you will doubt it, because it's paid by them, don't you?
Apart of that, more independent reviews the better! Just I don't know who would do that for free, I expect it to be quite a lot of work.