Is Less Really More? Towards Better Metrics for Measuring Security Improvements Realized Through Software Debloating.