Here is a good one and not the first time this has happened.
According to the PCI SSC’s news release, one or possibly more Approved Scanning Vendors (ASV) have apparently been actively promoting an ‘ASV Program Modernization Effort’. I have no idea what they would be “modernizing”, but apparently some ASVs think there needs to be modernization of the ASV program.
The bottom line from the Council is that this discussion of a modernization effort is not endorsed by the Council nor is the Council involved in these discussions. As they stated in bold in the release:
“However, PCI SSC is not a participant in, and in no way endorses, is affiliated with, sponsors, or has contributed to the above-noted “ASV Program Modernization Effort.”
I am betting the ASVs involved in this effort are wishing they were not involved. It clearly states in the various Code Of Conduct and contracts that such efforts are not allowed and can result in remediation and even termination of an ASV from the PCI program.
The lesson to be learned here is that if you are an ASV, QSAC, PA-QSAC or in any way affiliated with the PCI Council through one of their programs and you are approached about the ‘ASV Program Modernization Effort’, be polite but ignore it.
@PCIGuru can you qualify with PCI SSC references, your statement “It clearly states in the various PCI program guides and contracts that such efforts are not allowed and can result in remediation and even termination of an ASV from the PCI program.” Thanks!
I cannot provide anything in the contracts because I do not have access to those. Only the PCI Key Contact for your organization has access to those contracts.
As someone else pointed out to me, it is actually in the Code Of Conduct published by the PCI SSC where they call out their ability to sanction people for inappropriate conduct.
Take a look at the content of this book. Personally, I found it very handy for resolving PCI DSS implementation issues. I hope newcomers will gain some serious information from that book; it is worth buying.
https://www.amazon.com/PCI-DSS-3-2-Comprehensive-Understanding/dp/1984381938
Thank you for raising awareness to this
There is merit in revisiting the ASV Program Guide and creating an actual ASV Testing Standard.
Like QSAs, no two ASVs are the same. I use two different ASV scanners/attestation services and I consistently get different results. I actually use a third ASV scanner but I don’t use their attestation services. I consistently get a PCI fail on any given test from one scanner, but the others give me a pass. Go figure.
Most ASVs use Qualys for their vulnerability scanning. Qualys was the first one to provide a Web interface for the scheduling and running of scans, hence its wide use. Differences come from ASVs that set their Qualys configurations differently from Qualys’ recommendations, as well as from ASVs that use a different scanning engine such as Tenable, IP360 or any other scanner. This is no different than if you used different scanners in-house, a practice I have always recommended just to keep scanning vendors honest.