Security Documentation


I work in a relatively high security environment mostly using a security hardened macbook pro. I'd really like to use BTT on my hardened macbook, where all the software is vetted and approved. I know there is documentation about the usage of the accessibility API, and the package is signed, but is there documentation about the security of the software as a whole? If not, I imagine having this available would be useful to others as well.

What I would be looking for is mostly security controls around the development, build, signing, and packaging. What controls are in place to make sure source code isn't modified by an untrusted party? What controls are in place to make sure the build system is secure up until the package is signed?



Just to add what I would expect to be an ideal situation, is that building and signing is done on a machine that isn't used for anything else like web browsing. Access to it uses a reasonably secure mechanism like a strong password. Firewall, FileVault, Automatic OS updates are enabled. Just essential build-system security is what I'd be hoping for.