Vulnerability management tools: Dos and don'ts