QNX Neutrino is a Unix-style operating system, so almost all of the general Unix security information (whether generic, Linux, BSD, etc.) applies to QNX Neutrino as well. A quick Internet search for Unix or Linux security will yield plenty of papers. You'll also find many titles at a bookstore or library.
We don't market QNX Neutrino as being either more or less secure than other operating systems in its class. That is, we don't attempt to gain a security certification such as is required for certain specialized applications. However, we do conduct internal security audits of vulnerable programs to correct potential exploits.
For flexibility and familiarity, QNX Neutrino uses the generic Unix security model of user accounts and file permissions, which is generally sufficient for all our customers. In the embedded space, it's fairly easy to lock down a system to any degree without compromising operation. The ultrasecure systems that need certifications are generally servers, as opposed to embedded devices.
For more information, see Managing User Accounts, and File ownership and permissions in Working with Files.