"... our detector" = "strong evidence of a negative we're trying to prove..."
It's interesting how one detector can be "strong evidence" that the NSA didn't do something in secret, I think.
The research had nothing to do with the NSA (the article about the research decided to bring them up). To me, the main objective of the study was to see if the widespread revocation of certificates in a short period of time was really warranted. IMO, it was not, and my opinion seems to be validated by this study.
It *is* possible to prove this sort of negative (I'm not saying they did). For example, if you wanted to prove that heartbleed was not used on a particular system, you could set up logging in advance. You could then extend that to multiple systems, and so on. My point is that you can't use the "you can't prove a negative" argument for things like this (and also that the NSA had nothing to do with this study).