I've noticed that wp-security-scan is updated more frequently than any other plugin I have. This is good, since it's under active development. The weird thing: Out of curiosity, I've started downloading it instead of using the automatic updater, so taht I can compare what's changed, and in at least two cases the ONLY change from the previous version is the version number itself.
For example: 220.127.116.11 and 18.104.22.168 are absolutely identical except for the version number listed in readme.txt and securityscan.php.
It makes it tempting to ignore the upgrade banner, and that's not something a security plugin should be encouraging people to do.
On a related note, I'd really appreciate a changelog. The combination of updates with no substantial change and no indication of what has changed other than running diff myself is starting to set off alarm bells.