StillSecure's StillSecure VAM 5.3, the most recent release of the automated vulnerability scanning and remediation workflow toolset, works well to locate vulnerable computer systems in larger organizations that run various operating systems (OSs). Reporting is excellent, and performance and missed vulnerabilities functionality are good. False positives and integration abilities are rated fair. Testers put StillSecure VAM 5.3 through its paces with two pre-installed hardware appliances. However, StillSecure VAM 5.3 is generally sold and then installed on a server-class device by the customer. Testers used a Dell PowerEdge 1750 2.8GHz dual processor server with 2GB RAM as the control server at one eWeek location, and an identical system was installed at another networked eWeek location. In contrast to the methodology used for testing previously, testers more closely evaluated false positives instead of missed vulnerabilities. This approach was taken because such systems have improved vulnerability assessment, but still generate an almost-overwhelming number of false positives that can greatly increase the pseudo-workload created for the IT administrator. They found that StillSecure VAM 5.3, which was probably looking at reply banners from probes of test systems, still reported many problems (about half) that did not actually exist on Windows systems. If more intrusive tests had been done by StillSecure VAM 5.3, accuracy would have been better, but system chaos would have most likely been the result. This problem has also been found on almost all rival products. StillSecure VAM 5.3 also provides a relatively efficient mechanism that permitted testers to identify false-firing rules and to ignore them in subsequent scans of the tested systems.