While reading the new post on Jungsonn's blog I decided to explain my point of view here.

Well, the background is around the news in the New York Times made by Acunetix (a Web Apps Scanner vendor):
70% of the websites scanned were found to contain high or medium vulnerabilities ..
I will not talk about the Joe Snyder declaration/bet which is kinda ... well sad for him :/

So, I guess the point of the discussion and maybe the misunderstanding between Acunetix, Joe Snyder, Jungsonn and the many others are the definition of basic words such as vulnerability.
First of all, I have to say that Jungsonn is right when he talk about the kind of vulnerabilities he focus on: let's say directly exploitable to generate some failure on the web apps.
But the point is that a vulnerability is not only this, it may also be really soft! If somebody is able to disclose some information on your website such as list files in a directory (directory listing), reach a sub-domain that he should not be aware of... All of this are vulnerabilities because somebody can get some information from it even if it's not directly exploitable such as remote file inclusion, sql injection etc.

And if I had a to use a Web Apps Scanner, I really need this tool to report all of this things because it should replace (for my company) the consultant team or the hiring of a security expert...

I really think this kind of discussion comes because we don't have a real taxonomy of this words and people have different thinking about security...
And of course I don't claim to have the truth, but at least that's my point of view...