I've noticed that wp-security-scan is updated more frequently than any other plugin I have. This is good, since it's under active development. The weird thing: Out of curiosity, I've started downloading it instead of using the automatic updater, so taht I can compare what's changed, and in at least two cases the ONLY change from the previous version is the version number itself.
For example: 18.104.22.168 and 22.214.171.124 are absolutely identical except for the version number listed in readme.txt and securityscan.php.
It makes it tempting to ignore the upgrade banner, and that's not something a security plugin should be encouraging people to do.
On a related note, I'd really appreciate a changelog. The combination of updates with no substantial change and no indication of what has changed other than running diff myself is starting to set off alarm bells.