study on how configuration affects security; future tool for security warnings based on smells for certain selections (e.g., based on security policies)