The folks at Microsoft Research have put together a tool, the WSE Policy Advisor, that looks at your WS-Policy files for WSE and makes suggestions on problems and holes. And as of today it has been updated to work with the brand spanking new SP3 of WSE 2.0. Here’s part of the response when running it against one of the provided samples:
Warning: This mapping accepts responses without a <wsa:RelatesTo> header. Risk: The response is authenticated, but it is not securely correlated to the request. Correlation relies on <wsa:RelatesTo>, so this element should always be present and authenticated. Otherwise, an attacker may cause a client to accept a response that does not correspond to its request. Advice: Insert wsp:Header(wsa:RelatesTo) in the <MessagePredicate> assertion for the response policy.
You can get the WSE Policy Advisor and other tools and papers from the Samoa site on Microsoft Research.