There are policies that trust people with certain powers but do not trust those same people to decide who else to trust. This seems to me alternately wise and foolish. If I work on a secret government project then there are those who specialize in security by checking into background of others to consider the possibility that they are spies. I don’t like working in those environments but I do not criticize that particular paranoia.
If we turn our attention to trusting programs instead of people, then confinement becomes feasible and the theft of secrets seems controlled, but sabotage remains possible. Is it possible for an adversary to produce code that is able to gain a reputation of working, yet is able to detect applications where it should sabotage some calculation? I think usually no but sometimes yes. In that case it may be necessary to get a background check on the subroutine, which may mean reading the code or getting a background check on the programmer of that routine.
Normally abstraction discipline means that a contractor will be concerned with the competence of sub contractors but not sub sub contractors. Division of labor may require the contractor’s security department delving into the incentives of the sub sub contractors.