Ada Conformity Assessment Authority. 2012. Ada Reference Manual, ISO/IEC 8652:2012 (E). 3rd edn.

Adams, C., Cain, P., Pinkas, D., and Zuccherato, R. 2001 (August). RFC-3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP). Freemont, CA: Internet Engineering Task Force.Google Scholar

Aho, Alfred V., Lam, Monica S., Sethi, Ravi, and Ullman, Jeffrey D. 2007. Compilers Principles, Techniques, & Tools. 2nd edn. Boston, MA: Addison Wesley.Google Scholar

Amey, Peter. 2002. Correctness by Construction: Better Can Also Be Cheaper. CrossTalk, the Journal of Defense Software Engineering, 15(3), 24–28.Google Scholar

Ammann, Paul, and Offutt, Jeff. 2008. Introduction to Software Testing. Cambridge: Cambridge University Press.CrossRefGoogle Scholar

Barnes, John. 2012. Spark: The Proven Approach to High Integrity Software. http://www.altran.co.uk, UK: Altran Praxis.Google Scholar

Barnes, John. 2014. Programming in Ada 2012. Cambridge: Cambridge University Press.CrossRefGoogle Scholar

Beizer, Boris. 1990. Software Testing Techniques. New York: Van Nostrand Reinhold.Google Scholar

Ben-Ari, Mordechai. 2009. Ada for Software Engineers. 2nd edn. London: Springer- Verlag.Google Scholar

Bjørner, Nikolaj. 2012. Taking Satisfiability to the Next Level with Z3. Pages 1–8 of: Gramlich, Bernhard, Miller, Dale, and Sattler, Uli (eds), Automated Reasoning. Lecture Notes in Computer Science, vol. 7364. Berlin: Springer.CrossRefGoogle Scholar

Black, Rex. 2007. Pragmatic Software Testing: Becoming an Effective and Efficient Test Professional. Indianapolis: Wiley.Google Scholar

Blair, Michael, Obenski, Sally, and Bridickas, Paula. 1992. Patriot Missile Defense: Software Problem Led to System Failure at Dhahran, Saudi Arabia. Tech. rept. GAO/IMTEC-92-26. Washington, DC: United States General Accounting Office.Google Scholar

Bobot, François, Filliâtre, Jean-Christophe, Marché, Claude, and Paskevich, Andrei. 2011. Why3: Shepherd Your Herd of Provers. In: In Workshop on Intermediate Verication Languages (pp. 53–64). Wroclaw, Poland.Google Scholar

Chapin, Peter. 2014. Thumper. https://github.com/pchapin/thumper.

Chapman, Roderick, Botcazou, Eric, and Wallenburg, Angela. 2011. SPARKSkein: A Formal and Fast Reference Implementation of Skein. Pages 16–27 of: Proceedings of the 14th Brazilian Conference on Formal Methods: Foundations and Applications. SBMF'11. Berlin: Springer-Verlag.Google Scholar

Chapman, Roderick, and Schanda, Florian. 2014. Are We There Yet? 20 Years of Industrial Theorem Provingwith Spark. Pages 17–26 of:Klein, Gerwin, and Gamboa, Ruben (eds), Interactive Theorem Proving. Lecture Notes in Computer Science, vol. 8558. Switzerland: Springer International Publishing.Google Scholar

Comar, Cyrille, Kanig, Johannes, and Moy, Yannick. 2012. Integrating Formal Program Verification with Testing. Tech. rept.AdaCore. http://www.adacore.com/ uploads_gems/Hi-Lite_ERTS-2012.pdf.

Croxford, Martin, and Chapman, Roderick. 2005. Correctness by Construction: AManifesto for High-Integrity Software. CrossTalk, the Journal of Defense Software Engineering, 18(12), 5–8.Google Scholar

Dale, Nell, andMcCormick, John. 2007. Ada Plus Data Structures: An Object-Oriented Approach. 2nd edn. Sudbury, MA: Jones and Bartlett.Google Scholar

Dale, Nell, Weems, Chip, and McCormick, John. 2000. Programming and Problem Solving with Ada 95. 2nd edn. Sudbury, MA: Jones and Bartlett.Google Scholar

Davis, Noopur, and Mullaney, Julia. 2003. The Team Software Process (TSP) in Practice: A Summary of Recent Results. Tech. rept. CMU/SEI-2003-TR-014 ESC-TR-2003- 014. Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA.Google Scholar

DeRemer, Frank, and Kron, Hans. 1975. Programming-in-the-Large Versus Programming-in-the-Small. Pages 114–121 of: Proceedings of the International Conference on Reliable Software. New York: Association for Computing Machinery.Google Scholar

Dross, Claire, Efstathopoulos, Pavlos, Lesens, David, Mentr´e, David, and Moy, Yannick. 2014. Rail, Space, Security: Three Case Studies for Spark 2014. http://www. spark-2014.org/uploads/erts_2014.pdf.

Dutertre, Bruno. 2014.Yices 2.2. Pages 737–744 of: Biere, Armin, and Bloem, Roderick (eds), Computer-Aided Verification (CAV'2014). Lecture Notes in Computer Science, vol. 8559. Heidelberg, Germany: Springer.Google Scholar

Eisenstadt, Marc. 1997. My Hairiest Bug War Stories. Communications of the ACM, 40(4), 30–37.CrossRefGoogle Scholar

English, John. 2001. Ada 95: The Craft of Object-Oriented Programming.http://www.adaic.org/resources/add content/docs/craft/html/ contents.htm.

Epp, Susanna S. 2010. Discrete Mathematics with Applications. 4th edn. Pacific Grove, CA: Brooks/Cole Publishing.Google Scholar

Gersting, Judith. 2014. Mathematical Structures for Computer Science. 7th edn. New York: W.H. Freeman.Google Scholar

GNAT, 2015a. GNAT Reference Manual, http://docs.adacore.com/ gnat_rm-docs/html/gnat_rm/gnat_rm.html

GNAT, 2015b. GNAT User's Guide, http://docs.adacore.com/ gnat_ugn-docs/html/gnat_ugn/gnat_ugn.html

Hall, Anthony, and Chapman, Roderick. 2002. Correctness by Construction: Developing a Commercial Secure System. IEEE Software, 19(1), 18–25.CrossRefGoogle Scholar

Humphrey, Watts. 2000. Introduction to the Team Software Process. SEI Series in Software Engineering. Boston, MA: Addison Wesley.Google Scholar

Humphrey, Watts. 2004. Security Changes Everything. Keynote address presented at the ACM SIGAda Annual International Conference, November 14–18, Atlanta, GA.Google Scholar

Humphrey, Watts. 2006a (January). Defective Software Works. News at SEI. http://www.sei.cmu.edu/library/abstracts/news-at-sei/ wattsnew20041.cfm.

Humphrey, Watts. 2006b (February). Security Changes Everything. News at SEI. http://www.sei.cmu.edu/library/abstracts/news-at-sei/ wattsnew20042.cfm.

International Telecommunication Union. 2002 (July). Information Technology – ASN.1 Encoding Rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER), Distinguished Encoding Rules (DER). Geneva, Switzerland.

Jones, Capers. 2000. Software Assessments, Benchmarks, and Best Practices. Addison- Wesley Information Technology Series. Boston: Addison Wesley.Google Scholar

Jones, Capers. 2012 (September). Software Quality in 2012: A Survey of the State of the Art. Software Quality Group of New England. http://sqgne.org/ presentations/2012-13/Jones-Sep-2012.pdf.

Jones, Capor. 2013. Software Defect Origins and Removal Methods. Tech. rept. Narragansett, RI: Namcook Analytics LLC.Google Scholar

Jorgensen, Paul. 2008. Software Testing: A Craftsman's Approach. 3rd edn. Boca Raton, FL: Auerbach Publications.Google Scholar

Kaner, Cem, Falk, Jack, and Nguyen, Hung Quoc. 1999. Testing Computer Software. 2nd edn. Indianapolis, IN: Wiley.Google Scholar

Knight, John, DeJong, Colleen, Gibbs, Matthew, and Nakano, Luis. 1997 (September). Why Are Formal Methods Not Used More Widely? In: Holloway, Michael, and Hayhurst, Kelly (eds), Proceedings of the Fourth NASA Langley Formal Methods Workshop pp. 1–12. Hampton, VA: NASA.Google Scholar

Knuth, Donald. 1998. The Art of Computer Programming: Seminumerical Algorithms. Vol. 2. Boston, MA: Addison-Wesley.Google Scholar

Mao, Wenbo. 2004. Modern Cryptography Theory and Practice. Upper Saddle River, N.J.: Pearson.Google Scholar

Marsh, William, and O'Neill, Ian. 1994. Formal Semantics of Spark. Tech. rept. Bath, England: Program Validation (available from Altran Praxis).Google Scholar

McCormick, John. 1997. Forum Letter. Communications of the ACM, 40(8), 30.Google Scholar

McCormick, John W., Singhoff, Frank, and Hugues, Jerome. 2011. Building Parallel, Embedded, and Real-Time Applicatins with Ada. Cambridge, England: Cambridge University Press.CrossRefGoogle Scholar

Mills, Harlan, Dyer, Michael, and Linger, Richard. 1987. Cleanroom Software Engineering. IEEE Software, 4(5), 19–25.CrossRefGoogle Scholar

Moy, Yannick, Ledinot, Emmanuel, Delseny, Herve,Wiels, Virginie, and Monate, Benjamin. 2013. Testing or Formal Verification: DO-178C Alternatives and Industrial Experience. IEEE Software, 30(3), 50–57.CrossRefGoogle Scholar

NASA. 2011 (January). National Highway Traffic Safety Administration Toyota Unintended Acceleration Investigation. Technical Assessment Report TI-10-00618.Washington, DC: NASA Engineering and Safety Center.

New York University. 2014. CVC4: The SMT Solver. http://cvc4.cs.nyu.edu/ web/.

National Institute of Standards and Technology. 2002 (May). The Economic Impacts of Inadequate Infrastructure for Software Testing. Planning Report 02-3. Washington, DC: NIST.

OCamlPro. 2014. The Alt-Ergo Theorem Prover. http://alt-ergo.lri.fr/.

OpenSSL Project. 2014a. OpenSSL Cryptography and SSL/TLS Toolkit. https:// www.openssl.org/.

OpenSSL Project. 2014b. OpenSSL Vulnerabilities. https://www.openssl.org/ news/vulnerabilities.html.

Parnas, David Lorge, and Madey, . 1995 (January). Functional Documents for Computer Systems. Science of Computer Programming, 25(1), 41–61.CrossRefGoogle Scholar

Pattis, Richard E. 1988. Textbook Errors in Binary Searching. SIGCSE Bulletin, 20(1), 190–194.CrossRefGoogle Scholar

Paulk, Mark C. 2009. A History of the Capability Maturity Model for Software. ASQ Software Quality Professional, 12(1), 5–19.Google Scholar

Radio Technical Commission for Aeronautics (RTCA). 2011a. DO-178C Software Considerations in Airborne Systems and Equipment Certification. RTCA and European Organisation for Civil Aviation Equipment (EUROCAE).

Radio Technical Commission for Aeronautics (RTCA). 2011b. DO-333, Formal Methods Supplement to DO-178C and DO-278A. RTCA and European Organisation for Civil Aviation Equipment (EUROCAE).

Riehle, Richard. 2003. Ada Distilled: An Introduction to Ada Programming for Experienced Computer Programmers. Tech. rept. Salinas, CA: AdaWorks Software Engineering.Google Scholar

Rosen, Kenneth. 2011. Discrete Mathematics and Its Applications. 7th edn. New York: McGraw-Hill.Google Scholar

Spark Team. 2011 (September). INFORMED Design Method for SPARK. Bath, England. http://docs.adacore.com/sparkdocs-docs/Informed.htm.

Spark Team. 2014a. Spark 2014 Reference Manual. New York: AdaCore. http:// docs.adacore.com/spark2014-docs/html/lrm/.

Spark Team. 2014b. Spark 2014 Toolset User's Guide. New York and Paris: AdaCore. http://docs.adacore.com/spark2014-docs/html/ug/.

Stallings, William. 2014. Cryptography and Network Security, Principles and Practice. 6th edn. Upper Saddle River, N.J: Pearson.Google Scholar

Wikibooks. 2014. Ada Programming. http://en.wikibooks.org/wiki/ Ada_Programming.