Comment Re:Well, yeah (Score 4, Insightful) 134
Spy agency's job is to spy. It'd be remiss of them not to use such a security hole.
The question is, would he allow the NSA to exploit a similar vulnerability against Americans. And I think we already know the answer to that one too.
No, the role of the NSA is not just to gather SIGINT, the NSA iis also tasked with preventing unfriendly entities from gathering SIGINT which is why the NSA initiated and open sourced SE Linux just to cite one example. So the question here is should the NSA put every single American SSL using business at risk for years on end to protect a single source of SIGINT? After all, foreign intelligence services may not have to budget of the NSA but they are not stupid either, they can discover bugs like Heartbleed just as easily as the NSA can and might well use it sufficiently stealthily for the NSA not to notice that they aren't the only ones sitting on this vulnerability. When do the costs of spying outweigh the benefits?