what open-source vulnerability scanners do you use for PCI compliance
testing? obviously there's nessus, but what other ones are there out
there that you recommend (and why)?