We know from the NSA's own files that they pour lots of money into programs that specifically introduce bugs like this [1]. Does the current batch of leaked documents outline this exact vulnerability? No. Does it perfectly fit the model of what the NSA's own files say they're doing and therefore make it a high-likelihood explanation? I think so. At the very least the assumption that an intelligence agency, such as NSA or GCHQ, is responsible is a useful way of thinking about the kind of adversaries one faces with this type of software.
I don't think the NSA had to create this bug. I do think that static analysis could find this bug, and if they did not have the static analysis tools to do so, they probably will soon enough. It is far better for them to find existing bugs than introduce new ones, because the former is untraceable. The latter, inevitably, leaves a paper trail. I'd need a lot of convincing to believe that OpenSSL is so darned secure that it has no bugs in it until the NSA adds them, just based on the software engineering practices of the product (using C, little test code, etc.).
[1] http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryp...