I'm pretty sure it was securitymetrics that I recall was failing a site for PCI compliance last year due to lack of server-side BEAST mitigation (using ciphersuite order to prefer RC4).
I don't think it's only Qualys. I think it's most of the industry.
I don't think it's only Qualys. I think it's most of the industry.