A lot of people have no business being in charge of the security of a server. Those are the same people who need the media to bring an exploit to their attention. They might fix Heartbleed, but they never fix CVE-2014-wxyz and others, and their server is probably already compromised or could be anyway. Some of the hackers will help keep your system up to date, since they don't want some other hacker taking one of "their" servers.
I found Heartbleed very simplistic, and how it went unnoticed for so long is impressive. Why the hell did it let you specify the number of characters to send back and never check that? https://xkcd.com/1354/