I don't think you understand what "proven correct" means. If you formally prove a spec correct using modern proof tools then it is guaranteed to have zero bugs. Nobody has found even a single bug in the proven correct CompCert C compiler for example. However people find bugs in gcc all the time.

It means that a program has been verified against a model, and properties of that model are held true.

What it does not mean is that the program is bug free. That would, of course, violate the halting problem, or its generalization Rice's Theorem - non-trivial programs can not have arbitrary properties proven about them.

There's also Gödel's Incompleteness Theorem, obviously, as well as the fact that a proof is only as good as its model.

It wouldn’t break Rice’s Thm to prove it for a particular program. All Rice’s Thm says is that any algorithm must fail on some programs.

It would if you're talking about arbitrary classes of bugs.

Not so. Consider the algorithm that reports "Yes" for all inputs for all program properties. For a large number of programs and properties, this algorithm will report the correct information.

Not true for non-Turing complete languages. Which is why all proof tools require a proof of termination. Some do it automatically (essential ruling out Turing complete languages) others require a formal proof of termination by the user.

Ages ago my advisor had a paper proving WEP to be correct. Many years later, a serious flaw was discovered.

Even formal verification can be insufficient.

Was it a proof by hand or using a formal proof tool? Never trust proofs that aren’t formally verified by a modern proof tool.

Formal verification with model checking.

That frankly sounds hard to believe. Which proof tool did he use? Link to paper?