As an academic, he has probably verified that the underlying algorithms are as sound as claimed. Problems like Heartbleed come from implementation errors. Implementations are very prone to error, so there are almost certainly still other, unreported vulnerabilities.
From the article, it would seem that side-stepping this, and going directly for the routers, or even the employees, is more efficient in actually circumventing encryption than hunting for vulnerabilities in encryption implementations.
From the article, it would seem that side-stepping this, and going directly for the routers, or even the employees, is more efficient in actually circumventing encryption than hunting for vulnerabilities in encryption implementations.