In doing research and random surfing, I come across some intereting tidbits:
TN2124 : Debugging Magic – a must-read.
Improving your software with static analysis. Not really Shark-style static analysis, but more about using compiler flags to tweak the warning levels. I’m a firm believer in cranking up the warning levels using useful warnings (for instance, -Wunused-parameter is pretty much worthless)
Also, the paper Setuid Demystified (PDF), while not OS X specific, does give some insight on how the unix setuid mechanism, how it works and its history.