Internet security bugs like Heartbleed are fair game for exploitation by the NSA in matters of national security, according to a report this weekend.

The New York Times claims President Obama has decreed that in most cases known bugs should be revealed to protect the public and businesses and lower the risk of espionage or cyber attacks.

However, Obama also created an exemption when there is "a clear national security or law enforcement need," the administration conceeded on Saturday.

In those cases the NSA would not be obliged to make the public aware of the potentially-harmful security flaws and would be free to continue exploiting them.

No prior knowledge

According to the New York Times, the decision was made back in January, but was never publicly detailed by the White House.

Late last week the administration denied it had any previous knowledge of the Heartbleed bug after reports claimed the NSA had known about and exploited the flaw for years.