The bigger problem with pentests is not the current cost but, as I see it, that security is inherently and inescapably expensive somewhere in the chain, and that vendors have been getting a free lunch for too long. The viability of security analyses/pentests will go down if your goal is to reduce the cost by an order of magnitude, because the people who are any good will find something better to do--and the consumer will still pay through all the bullshit externalities.
Security needs to cost to demand talent. The real solution to this problem, I think, is that failure to secure needs to cost (whether in monetary or criminal terms) or it isn't relevant to business concerns.
> security is inherently and inescapably expensive somewhere in the chain
...is the thing that needs to change. Presumably using more automation (e.g. employing more software like http://lcamtuf.coredump.cx/afl/), such that "pen-testing" shifts from being a labor cost to a capital cost.
Open telnet servers are a solved problem (taking the solution off the rack is a question of time and, effectively, the willingness to be negligent). The automation exists.
It's the hard stuff that is context- and environment-dependent to a degree that it resists automation.