
I find this comment confusing. You claim the testing isn't done because the issues are either in state machines or in the math... yet we're looking right now at a case where neither failed and some simple unit testing would catch the issue. Isn't it a false dichotomy to say it's not worth unit testing (not TDD) unless we switch to safer languages? If the code is less secure than RoR because of lack of testing, then what's wrong with getting it to that level first? At least it won't require a rewrite from scratch.



This bug is entirely random. It causes certificate validation to break at a point where certificate validation never breaks. Obviously, once you know it's there, a unit test keeps you from ever having the bug again. It's less apparent to me that it helps you before you realize that the bug could exist.


Unit tests may be written before or after the production code in question has been written. They provide no guarantee of the correctness of the final code, but they may find small things. Corrective unit tests as you've described them will not help you find this bug.

But finding bugs like the above is TDD's bread and butter. TDD dictates specifically that the test must be written first, that it must be isolated to a particular spot as much as possible, and the dumbest piece of code possible must be written in order to allow the author to move on to writing the next test. Someone TDDing this method would stub out any required external state in order to focus only on the piece of code in front of them.

The final system may not be correct––you must still perform high-level testing as you always would, and you must understand the rules of the system you're building. But you're apt to avoid the simple stuff.


I don't think I can agree with "random". Anyone going for maximum branch coverage would find this problem. Also, every point is where validation never breaks... until it does. It's like the Apple OpenSSL bug - trivial to find, provided anyone actually tests the code they release, trying to exercise all code paths.



