The Heartbleed bug is making some Americans question whether the US government would publicly disclose such a flaw or keep it secret in the name of national security. Now it seems the authority is coming directly from the top to do the latter. President Obama has given permission — in the event of "a clear national security or law enforcement need" — for the National Security Agency to exploit security flaws that it discovers without alerting companies or the public to the bugs.
The decision, reported by The New York Times, was made this past January as part of a review of recommendations for reforming the NSA. Officials in the administration tell the Times that Obama decided that the NSA should disclose flaws to the public, but the key is that he provided an all-important exception in the case of a "clear" need for national security and law enforcement purposes. Such exceptions are broad, and could allow the NSA to exploit a flaw such as Heartbleed while the public remained at risk of attacks from hackers and others.
The White House hasn't publicly announced Obama's decision on the matter, and news of it comes as the administration and the NSA deny that they had any knowledge of Heartbleed. A Bloomberg report earlier this week alleged that the NSA exploited Heartbleed for years, allowing it to gain an upper hand in circumventing encryption around the web.