NSA was not aware of the Heartbleed bug posted April 2014
by the way they're talking about a "zero day" vulnerability, and now is a good time to learn what it is:
a so-called “Zero day” vulnerability because the developers of the vulnerable software have had zero days to fix it
I'm akin to trust them since... well. So many US websites were using OpenSSL and... it's not really nice if someone else eavesdrop on american citizen...
Anyway, this shows that the NSA has a long way to build trust again.