<snip> It happened. It was known for years. </snip>
RE: request for citation.
http://www.zdnet.com/institutional-failure-led-to-nsa-missing-the-heartbleed...
<snip> It's not outside the bounds of reason to suggest that the NSA, arguably, should have found the bug within days, weeks, or even months after it was reportedly accidentally introduced into the OpenSSL cryptographic library, more than two years ago. </snip>
Roger