The US National Security Agency (NSA) will not always disclose security vulnerabilities, such as Heartbleed, and said it assesses each case individually.
Government cyber security co-ordinator Michael Daniel explained the NSA's activities in a blog post on the White House website.
Daniel repeated statements that the agency did not know about Heartbleed prior to its widespread disclosure. He added, though, that while disclosing vulnerabilities is in the interest of national security, it is not always the immediate option.
"As with so many national security issues, the answer may seem clear to some, but the reality is much more complicated. One thing is clear: This administration takes seriously its commitment to an open and interoperable, secure and reliable internet, and in the majority of cases, responsibly disclosing a newly discovered vulnerability is clearly in the national interest. This has been and continues to be the case," he wrote.
However, Daniel said that trade-offs must be made, because revealing certain issues could harm the nation and could help protect citizens.
"There are legitimate pros and cons to the decision to disclose, and the trade-offs between prompt disclosure and withholding knowledge of some vulnerabilities for a limited time can have significant consequences," he said.
"Disclosing a vulnerability can mean that we forego an opportunity to collect crucial intelligence that could thwart a terrorist attack stop the theft of our nation's intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks."
The NSA follows processes, Daniel said, and stockpiling vulnerabilities at the expense of the American people is not in the interest of national security.
"Building up a huge stockpile of undisclosed vulnerabilities while leaving the internet vulnerable and the American people unprotected would not be in our national security interest. But that is not the same as arguing that we should completely forgo this tool as a way to conduct intelligence collection, and better protect our country in the long run. Weighing these trade-offs is not easy, and so we have established principles to guide agency decision-making in this area," he added.
"We have also established a disciplined, rigorous and high-level decision-making process for vulnerability disclosure. This inter-agency process helps ensure that all of the pros and cons are properly considered and weighed."
The comments will no doubt cause much debate among the security community, especially after claims last year the government had pushed firms to deliberately build flaws in their products in order to help them gain access.
The comments come amid fresh security concerns with Microsoft's Internet Explorer (IE) browser, with both US and UK security bodies urging web users to avoid the tool until a fix is found.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago