A report that the NSA regularly used the Heartbleed bug for years “to gather critical intelligence” but kept “the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts,” according to Bloomberg News. Bloomberg went on to report:
The NSA and other elite intelligence agencies devote millions of dollars to hunt for common software flaws that are critical to stealing data from secure computers. Open-source protocols like OpenSSL, where the flaw was found, are primary targets.
The Heartbleed flaw, introduced in early 2012 in a minor adjustment to the OpenSSL protocol, highlights one of the failings of open source software development.
Computerworld reported how ironic it was that the Bloomberg report came on the same day that the US Department of Homeland Security issued a warning about the Heartbleed bug:
While there have not been any reported attacks or malicious incidents involving this particular vulnerability confirmed at this time, it is still possible that malicious actors in cyberspace could exploit un-patched systems.
Only time will tell how devastating the Heartbleed bug will be for Internet users, but the impact on national security will be interesting to analyze.