I like this denial, in that it is pretty solid and clear that the NSA did not know about Heartbleed and therefore did not exploit it. I tend to believe the statement too, for two reasons:
- It passes my smell test, as I do believe the NSA thinks it would be more of a threat than an asset to leave the security hole open.
- The statement doesn't leave room for weaseling out of legal repercussions for the agency. The winds are shifting and “national security” is no longer a statement that is reason enough alone.