Here are verifiable facts about Heartbleed.
RFC 6520 was standardized in two and a half years. The Heartbeat functionality was integrated into OpenSSL sixteen days after the patch was submitted.
The possibility of the Heartbeat RFC enabling a covert channel was mentioned twice, publicly, on the IETF tls mailing list, on January 27, 2011 and on December 06, 2011. This spawned little to no reaction. The authors could not have been unaware of this risk: they were told.
Seggelmann made a coding mistake that enabled the covert channel.
There are many, many lessons to learn from this.