The National Security Agency (NAS) have denied that they were aware of the Heratbleed bug before the security flaw was made public.
Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report.
– Spokesperson Caitlin Hayden, US National Security Council
The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services.
If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.
The denial follows claims the NSA had known about the flaw for up to two years.