Questions & Answers
Frequently Asked Questions
The most important questions about WAF++ — answered concisely and without buzzwords. Click a question to reveal the answer.
15 questions answered
Vendor-neutral
Framework · Governance · Pillars
FAQ
All questions
WAF++ is intentionally vendor-neutral. Where it helps, we link to governance and RFCs instead of hard prescriptions.
1) What is WAF++ in one sentence?
WAF++ is a community-driven framework to assess cloud and platform architectures in a structured way,
make decisions traceable, and implement improvements along clear guardrails.
2) Is WAF++ vendor-neutral?
Yes. WAF++ is built around principles, patterns, and standards — not around specific products or cloud providers.
3) Is WAF++ a fork of Well-Architected?
No. WAF++ uses similar thinking (e.g., guardrails and trade-offs), but extends it with governance, working groups,
RFC processes, maturity/scoring approaches, and reference models.
4) Who is WAF++ for?
For platform teams, architects, security/compliance, SRE/operations, and auditors who want to make architecture quality
measurable and repeatable — independent of provider and tooling.
5) What are the 7 pillars?
The pillars bundle perspectives (e.g., cost, security, reliability, sovereign). Each pillar provides guiding questions,
evidence/artifact hints, and typical trade-offs.
6) Which pillars are currently available?
At the start, we prioritize Pillar 2 (Cost Optimization) and Pillar 7 (Sovereign). Additional pillars follow iteratively
once content, examples, and scoring approaches have matured sufficiently.
7) What does 'Sovereign' mean in the WAF++ context?
Sovereignty includes data control, controllability, traceability, exit capability,
regulatory alignment, and vendor-risk reduction — both technically and organizationally.
8) Is there a maturity model or scoring?
Yes — as a target vision. We work iteratively: first clear questions & evidence, then scoring/levels and reference models.
The approach is meant to be transparent (no black-box assessments).
9) What does a typical start look like?
Start small: pick a pillar (e.g., cost), answer the guiding questions with evidence (e.g., policies, dashboards, ADRs),
derive 3–5 actions, and repeat the cycle regularly.
10) How do you ensure traceability and auditability?
Through public discussions, reviews, and RFCs. Larger changes are documented as RFCs (problem, options,
decision, impact) and versioned.
11) How can I contribute?
Via issues/PRs, reviews, working groups, use cases from projects/audits, examples (patterns/anti-patterns),
or by supporting sessions/BoFs at conferences.
12) Do I need to contribute code to be a contributor?
No. Content, reviews, discussions, examples, translations, issue triage, and moderation are equally valuable.
13) How do you handle security topics?
Responsible disclosure: security issues are reported privately and published in a coordinated way.
Details are in the repository's security policy.
14) Which license does WAF++ use?
WAF++ uses a dual-license model: Apache License 2.0 for code and CC BY 4.0 for documentation.
The authoritative sources are LICENSE/NOTICE in the repository and the notes on /legal/.
15) Is there a roadmap?
Yes. We prioritize transparently and actively look for contributors for content, reviews, working groups, and real-world examples.
GET INVOLVED
Still have questions?
WAF++ is built in the open. If your question isn't answered here, open a GitHub discussion, propose an RFC, or join a Working Group.
GitHub Discussions
Ask anything directly in the repository — the community and maintainers respond.
Propose an RFC
Have a suggestion or a gap you spotted? The RFC process is open to everyone.
Working Groups
Join the pillar-specific working groups to shape content, governance, and direction.
Quick links
Framework structure and pillar overview.
TSC, Working Groups, and decision processes.
Full framework documentation and references.
How to get involved and contribute to WAF++.