Many organizations want to predict the number of defects (faults) in software systems, before they are deployed, to gauge the likely delivered quality and maintenance effort. To help in this, numerous software metrics and statistical models have been developed, with a correspondingly large literature. We provide a critical review of this literature and the state-of-the-art. Most of the wide range of prediction models use size and complexity metrics to predict defects. Others are based on testing data, the "quality" of the development process, or take a multivariate approach. The authors of the models have often made heroic contributions to a subject otherwise bereft of empirical studies. However, there are a number of serious theoretical and practical problems in many studies. The models are weak because of their inability to cope with the, as yet, unknown relationship between defects and failures. There are fundamental statistical and data quality problems that undermine model validity. More significantly, many prediction models tend to model only part of the underlying problem and seriously misspecify it. To illustrate these points, the "Goldilock's Conjecture," that there is an optimum module size, is used to show the considerable problems inherent in current defect prediction approaches. Careful and considered analysis of past and new results shows that the conjecture lacks support and that some models are misleading. We recommend holistic models for software defect prediction, using Bayesian Belief Networks, as alternative approaches to the single-issue models used at present. We also argue for research into a theory of "software decomposition" in order to test hypotheses about defect introduction and help construct a better science of software engineering.