Jeremiah grossman sent out a survey a few weeks ago to the application security industry and he has posted
the results on his site.
"73% of those performing web application vulnerability assessments are not using or rarely using commercial scanner products.
It's hard to say if this is good/bad/increasing/decreasing or otherwise. Certainly people want tools. People love their open
source tools as a vast majority are using them. Be mindful that open source webappsec tools are mostly productivity tools, not
scanners like we asked about in #3, so they’re not opting for one over the other. There is a lot of room to dig in here with
future question as to why people use or don't use certain types of products."
Article Link: http://jeremiahgrossman.blogspot.com/2006/11/web-application-security-professionals.html
