"WhiteHat Security has performed vulnerability assessments on roughly 2,000 websites, identified tens of thousands of security flaws, and interacted with their owners about how to deal with them. From this experience we've learned some invaluable lessons about the systemic nature of Web security challenges and the need for heterogeneous and customized solutions. As the Web takes center stage in IT security, pen-testers and vulnerability assessment providers must be capable of more than spotting the weaknesses and relaying generic advice on an annual basis. They'll need to offer strategic planning regarding where to start, what should be done next, how to align incentives, track progress, measure success, and more importantly justify investment. These skills often do not come naturally to the average technically-minded pen-tester, but this is how the next generation will differentiate themselves from the rest."