A model developed at Colorado State University can make more accurate estimates of the number and severity of vulnerabilities a piece of software may contain.

link