So you want to form a group but are unsure which format fits best or which obstacles might lie in front of you? Then let's review some possible concepts and how they differ.
It is best to imagine the kind of group you want to be part of. Subtle differences at core aspects could otherwise disappoint you or others.
The following core aspects should be considered.
Do you want to have a safe space? Or do you want others to learn from your group's type of operation? Let's call these concepts "private" and "public".
A private group has no form of publicity. People outside of the group might know that it exists but do not know how it internally operates. Maybe it's not even known who exactly is part of the group. This is an ideal setup for people who have concerns with being possibly judged by others. People are free to express themselves during reviews and it works great if members already know each other well. Also in case of security relevant software it helps to responsibly disclose bugs to maintainers before everyone knows about them by shoulder-surfing you.
A public group exposes internal operations. Maybe by writing meeting minutes, publishing videos or streaming their review sessions. This is a great setup to expose your best practices or giving others a chance to give your group suggestions how to improve.
Do you want to have a fixed set of review buddies? Or do you want others to join and leave whenever they want? Let's call these concepts "closed" and "open".
A closed group is not open to new members. You have a fixed set of people who perform reviews together. In such a setup it is easy for everyone involved to get used to the way their fellow members operate and how to integrate ideas and processes.
An open group accepts members at any given time. Whoever is curious can easily join and leave which helps to attract people to your group. Also it has huge potential that new concepts are introduced by newcomers.
What do you want to achieve with your group? Do you want to improve reviewing skills? Or do you want to use your reviewing skills to fix bugs or earn money through bug bounty programs? Let's call these concepts "learning" and "performing".
A learning group has a strong focus on sharing knowledge among its members. Experienced reviewers can share their setups and thought processes with others or simply try new ones. As long as at least one person learned something during a session, it is considered to be a success.
A performing group has a strong focus on finding bugs. All members should be able to contribute to this goal, and gaining knowledge is the responsibility of an individual. This setup works great if you want to either contribute to software projects or gain inherent knowledge of software internals: The product is the focus, not the group members.
Let's combine these concepts to see how such groups can operate.
Imagine a course at school or university. People explicitly join such a group to learn a subject. Students do not change during course and the materials used are not public to everyone.
The lifetime of such a group is limited by definition. As soon as all students are done with the lectures and exercises, the course ends. This eventually happens to the group as well. Keep this in mind and do not consider this approach to be a failure if the group is gone!
Such a group can be compared with a sitcom. No matter at which episode you are, it must be relatively easy to join or else it does not work. Just like with a sitcom you should not expect a lot of depth to be seen during a session. It is best to broadly enter a subject and either repeat this with each session or switch subjects every time to keep it interesting to newcomers and regular members.
This would be your regular company setting. Add a CEO and you are done.
Think about the amount of time you want to spend. Do you want to have a regular schedule? How often do you want to meet? And which software do you want to review? Do you want to advertise your group?
Even though this sounds complicated, it is best to reach out to others and see after a few meetups if a common ground can be found.