
Nobody claimed that we can fix all security problems with unit testing. Unit testing should be used in addition to auditing, reviewing, and other techniques. However, unit testing can dramatically improve the quality of code, including avoiding security pitfalls and mistakes.

What we need to do is to include mandatory unit testing in all security-critical code, and ensure good coverage.

This particular bug is a bug that would have easily been caught by anyone writing rudimentary unit tests.

It's sad that there are no regression tests for these changes either, meaning we remain susceptible to such bugs in the future.


