This past year saw the revelation of three massive security bugs – Heartbleed, POODLE and Shellshock – that existed for lengthy periods of time before they were discovered. Three of these bugs existed in the wild since December 2011, but had existed for a long time before being discovered. For instance, the heartbleed vulnerability – which exposes a flaw in OpenSSL, a cryptographic tool that provides communication security and privacy over the Internet – was identified in April, but was discovered in April.”]
Source: https://www.cuinfosecurity.com/2014-year-new-old-bugs-a-7681