Security metrics have been proposed to assess the security of software applications based on the principles of “reduce attack surface” and “grant least privilege.” While these metrics can help inform the developer in ...