The simulated security assessment ecosystem: Does penetration testing need standardisation?