Friday, July 14, 2006

Predicting the Number of Vulnerabilities that will be found in a Software

Want to know how many flaws will be in the next version of a software product? Using historical data, researchers at Colorado State University are attempting to build models that predict the number of flaws in a particular operating system or application... In an analysis to be presented at a secure computing conference in September... The latest research focuses on fitting an S-shaped curve to monthly vulnerability data, positing that a limited installed base and little knowledge of new software limits the finding of vulnerabilities in a just-released application, while exhaustion of the low-hanging fruit makes finding vulnerabilities in older products more difficult... The models used for prediction of future vulnerabilities assume that defect density--the number of software flaws per 1,000 lines of code--remains the same between software versions... (SecurityFocus.com, Page 1 and Page 2)
I chose this title: 'Predicting the Number of Vulnerabilities that will be found in a Software'. The real number of vulnerabilities that exist in the software is not countable/predictable. By the way, I think they count the number of vulnerabilities discovered in the first few months of the release and predict the next months based on statistical methods. Not too bad.
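
The S-shaped fit described in the excerpt, as an added example (not code from the researchers or from this post): it assumes a three-parameter logistic curve, since the excerpt does not say which S-shaped function is used, and it runs on constructed monthly counts.

```python
import math

# Constructed sample data (not from the study): cumulative vulnerabilities
# reported for one product, one value per month since release.
OBSERVED = [1, 2, 2, 3, 4, 4, 6, 7, 9, 11, 14, 18, 22, 27, 32, 38, 45, 53, 60,
            67, 75, 82, 88, 93, 98, 102, 106, 109, 111, 113]

def logistic(t, K, r, t0):
    """Cumulative count at month t: slow start, fast middle, saturation at K."""
    return K / (1.0 + math.exp(-r * (t - t0)))

def fit_for_K(ys, K):
    """For a fixed K, ln(K/y - 1) = r*t0 - r*t is linear in t; solve it by
    weighted least squares (weights undo the distortion of the log transform)."""
    ts = range(len(ys))
    zs = [math.log(K / y - 1.0) for y in ys]
    ws = [(y * (K - y) / K) ** 2 for y in ys]
    sw = sum(ws)
    tm = sum(w * t for w, t in zip(ws, ts)) / sw
    zm = sum(w * z for w, z in zip(ws, zs)) / sw
    slope = (sum(w * (t - tm) * (z - zm) for w, t, z in zip(ws, ts, zs))
             / sum(w * (t - tm) ** 2 for w, t in zip(ws, ts)))
    r = -slope               # growth rate
    t0 = tm + zm / r         # inflection month, where the fitted line crosses 0
    sse = sum((logistic(t, K, r, t0) - y) ** 2 for t, y in zip(ts, ys))
    return sse, K, r, t0

def fit_logistic(ys):
    """Try every integer saturation level K above the largest observation and
    keep the one whose curve has the smallest squared error in real units."""
    candidates = (fit_for_K(ys, K) for K in range(max(ys) + 1, 3 * max(ys)))
    sse, K, r, t0 = min(candidates)
    return K, r, t0

if __name__ == "__main__":
    K, r, t0 = fit_logistic(OBSERVED)
    print(f"saturation K={K}, growth r={r:.3f}, inflection month t0={t0:.1f}")
    print(f"forecast cumulative count at month 36: {logistic(36, K, r, t0):.0f}")
```

When only the months before the inflection point are available, many values of K fit almost equally well, so an early forecast of the final total is weakly constrained.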

1 Comment:

Anonymous said...

Greets to the webmaster of this wonderful site! Keep up the good work. Thanks.

4:50 PM  
