It seems that debate over the automatic tools vs. manual penetration tools raises serious questions within the government agencies.South Carolina and Delaware already use Core Impact, other might follow:

Nick Baskett wrote an interesting article in it-observer about best practices when hiring an external penetration testing consultant. I hope that more and more business decision makers will apply his advices :

If there is any mention of XSS, there is a big chance RSnake’s name or its cheat sheet is mentioned along with it. His contribution in the web application security awareness is legendary.

ABC News reports on a new attack vector targeted at broadband routers / acces points : Drive-By Pharming.