A recent report published by Bloomberg says the NSA was familiar with Heartbleed and used the flaw to collect intelligence, choosing to stay silent not to compromise a valuable spying asset.
Around two-thirds of websites on the Internet have been affected by Heartbleed, and websites are scrambling to improve security.
Meanwhile, the federal government is denying using Heartbleed: "Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong," said Caitlin Hayden, National Security Council Spokeswoman, in a statement. "The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report."
The NSA has received a large amount of criticism for its widespread, sophisticated spying activities - and this report might rekindle a fierce debate.