My understanding is that while certain elements of Docker for Mac have been open sourced, the application as a whole is not open source (I imagine it can’t be as it’s got to tightly integrate with OS X, which obviously isn’t).
As the application requires fairly hefty permissions (to modify networking etc. - which is clearly necessary) and as it’s not on the Mac App Store (probably at least in part because of the permissions that it requires) - I would be grateful if anyone could explain how users can best assess the degree of confidence they can have that the software is not compromised and will not be compromised, either intentionally or otherwise. For example, has it been audited by any third party, or will it be? Who reviews the code?
I do not intend to cast the least aspersion and much admire the work done by Docker Inc., but I think it is in order for people to ask what sort of security measures are in place, even if they’re simply internal, as the level of trust required is high.