A critique of software defect prediction models

Many organizations want to predict the number of defects (faults) in softwa re systems, before they are deployed, to gauge the likely delivered quality and maintenance effort. To help in this numerous software metrics and stat istical models have been developed, with a correspondingly targe literature . We provide a critical review of this literature and the state-of-the-art. Most of the wide range of prediction models use size and complexity metric s to predict defects. Others are based on testing data, the "quality" of th e development process. or take a multivariate approach. The authors of the models have often made heroic contributions to a subject otherwise bereft o f empirical studies. However, there are a number of serious theoretical and practical problems in many studies. The models are weak because of their i nability to cope with the, as yet, unknown relationship between defects and failures. There are fundamental statistical and data quality problems that undermine model validity. More significantly many prediction models tend t o model only part of the underlying problem and seriously misspecify it. To illustrate these points the "Goldilock's Conjecture," that there is an opt imum module size, is used to show the considerable problems inherent in cur rent defect prediction approaches. Careful and considered analysis of past and new results shows that the conjecture lacks support and that some model s are misleading. We recommend holistic models for software defect predicti on, using Bayesian Belief Networks, as alternative approaches to the single -issue models used at present. We also argue for research into a theory of "software decomposition" in order to test hypotheses about defect introduct ion and help construct a better science of software engineering.