The flow logic approach to static analysis amounts to specifying the admissibility of solutions to analysis problems; when specified using formulae in stratified alternation-free least fixed point logic one may use efficient algorithms for computing the least admissible solutions. We extend this scenario to validate the fulfilment of safety and security constraints on admissible solutions; the modified development produces a least solution together with a boolean value indicating whether or not the constraints are validated or violated. The main contribution is the development of a deterministic heuristics for obtaining a solution that is close to the least solution while enforcing the safety or security constraints. We illustrate it on the BellLaPadula mandatory access control policy where the heuristics is used to suggest modifications to the security annotations of entities in order for the security policy to hold.