IT Brief Canada - Technology news for CIOs & IT decision-makers
Canada
SonicWall urges focus on patch speed over CVE count

SonicWall urges focus on patch speed over CVE count

Wed, 15th Jul 2026 (Today)
Mark Tarre
MARK TARRE News Chief

SonicWall is urging organisations to shift how they assess cybersecurity, arguing that vulnerability disclosure numbers alone provide little insight into a vendor's security posture. The company says remediation speed, patch adoption and Secure by Design practices offer a more meaningful measure of protection.

The company argues that disclosed Common Vulnerabilities and Exposures (CVEs) demonstrate that security processes are working when vulnerabilities are identified, addressed and patched. It says the greater risk comes from vulnerabilities that remain unpatched after fixes become available.

Security measures

SonicWall says every software vendor will encounter vulnerabilities because modern software platforms contain millions of lines of code, integrate with cloud services and support a wide range of deployment environments. It argues that security should instead be measured by how quickly vulnerabilities are identified, how transparently vendors communicate, how rapidly fixes are released, how easily customers can deploy them and the operational effort required to keep systems updated.

The company says vulnerability discovery can come from security researchers, internal testing and automated scanning. It also points to public advisories, coordinated disclosure processes and defined remediation workflows as indicators of effective security management.

According to SonicWall, coordinated work across product security, engineering, quality assurance and support teams allows vulnerabilities to be validated, assessed, fixed and communicated to customers through a structured process.

Design approach

SonicWall says its approach aligns with Secure by Design principles promoted by the US Cybersecurity and Infrastructure Security Agency and guidance from the National Institute of Standards and Technology.

The company says Secure by Design shifts responsibility from customers towards software vendors by encouraging products to be delivered with secure default configurations, rapid remediation processes and reduced operational complexity.

SonicWall says its implementation includes secure default configurations, automated firmware management through Network Security Manager (NSM), multi-factor authentication enforcement, login rate limiting, account protection measures and automatic rollback capabilities for upgrades.

The company says these measures are intended to reduce the effort required for organisations to maintain secure environments while improving the speed of security updates.

Patch adoption

SonicWall argues that the biggest cybersecurity challenge is no longer creating security patches but ensuring they are deployed promptly.

The company says attackers frequently exploit vulnerabilities for which fixes are already available but have not yet been installed. It identifies limited IT resources, maintenance windows, geographically dispersed environments, large device inventories and concerns about service disruption as barriers to rapid patch adoption.

SonicWall says automation can reduce those barriers by enabling organisations to deploy firmware updates through controlled upgrade channels. It says this approach reduces vulnerability exposure, improves operational efficiency, simplifies compliance requirements, lowers administrative overhead and supports a more consistent security posture across deployed systems.

The company says automation is particularly valuable for managed service providers responsible for maintaining large numbers of customer firewalls.

Upgrade results

SonicWall says more than 140,000 firewalls were upgraded through its Critical Upgrade Channel when SonicOS 7.3.2 and SonicOS 8.2.0 became available. The company says the upgrades achieved a 99.9% success rate.

It says the automated process reduced manual upgrade work while allowing customers to receive security protections more quickly.

The company also says its Secure by Design strategy includes security services enabled by default, stronger password policies, login protection mechanisms, automatic rollback capabilities, continuous vulnerability management processes and ongoing investment in secure configuration defaults.

"Measuring security by CVE count alone is a flawed approach that punishes transparency and misses the metrics that matter. The real indicators of a strong security posture are speed of discovery, quality of disclosure, remediation velocity, and ease of deployment at scale," said Asif Mujtaba, Product Manager, SonicWall.