WAF++ Logo WAF++
Planning · Strategy

Roadmap

Transparent priorities from 2026 to 2030 — technically grounded, community-driven, and foundation-ready.

2026 – 2030 Community-driven Fully public
Current quarter ↓ Changelog Governance
NOW

Q1 / Q2 2026 — v1.0 Launch

The active quarter. WAFPass v0.3.0 is live with a full three-component stack. All seven framework pillars are documented ahead of schedule. The v1.0 release remains targeted for shortly before 12 May 2026.

WAFPass v0.3.0 released
Full-stack architecture: CLI evaluation engine, wafpass-dashboard (React / Vite SPA), and wafpass-server (FastAPI / PostgreSQL). Ships Terraform plan dry-run analysis, exploit path tracking, ESG/carbon module, secret scanner, blast radius assessments, auto-fix engine, and settings persistence.
All 7 pillars documented — ahead of schedule
Pillars 2–7 are fully documented with complete control sets, design principles, best practices, maturity models, evidence, scope, and glossaries. Pillar 1 (Security) has its initial structure and controls in place.
Framework v1.0 — target: 12 May 2026
First stable release with finalized controls library, PASS scoring model, regulatory mapping (GDPR, BSI, ISO 27001, SOC 2, HIPAA), and PyPI-published WAFPass CLI.
View changelog → GitHub
Release tracker
WAFPass v0.3.0 released
28 March 2026 · GitHub · Apache 2.0
All 7 pillars documented done
Pillars 2–7 complete · Pillar 1 initial · CC BY 4.0
Dashboard & server stack live
wafpass-dashboard (React) + wafpass-server (FastAPI)
Framework & WAFPass v1.0 target
Shortly before 12 May 2026 · PyPI + full docs
2026

Operationalization & Full Rollout

After the v1.0 launch, WAF++ shifts into full operationalization — community pilots, governance finalization, and complete pillar coverage.

Q3 2026

Pilot & Governance Finalization

A pilot project to validate the building-block approach in multi-cloud scenarios, along with finalizing the governance and community model.

Multi-cloud pilot
Governance review
Stabilize community structure
Q4 2026

Stabilization & Ecosystem Growth

With all seven pillars documented ahead of schedule, the focus shifts to hardening the Security pillar, scoring model finalization, and growing the early adopter ecosystem.

Security pillar (Pillar 1) fully documented
PASS scoring model v1 finalized
Cross-pillar reference architecture
Early adopter feedback & controls refinement
STRATEGIC VISION

Roadmap to 2030

Long-term milestones that establish WAF++ as a foundational, community-owned standard for cloud architecture quality.

Governance

Technical Steering Committee

Formal election of a TSC to provide long-term steering for project development — independent of any founding members.

Ecosystem

CNCF Alignment

Full alignment with CNCF project guidelines and best practices — governance, lifecycle, and community model modelled after proven open-source foundations.

Compliance

Auditability

Enable formal auditability according to the WAF++ standard — criteria are traceable, decisions are documented, and outcomes are reproducible.

Certification

WAF++ Certification

Introduce a WAF++ certification program for teams and organizations — a verifiable, community-backed signal of architecture quality.

Transition

Advisory Model

Founders transition into advisory roles — operational decisions are fully owned by the community, TSC, and Working Groups.

SHAPE THE ROADMAP

Help set the direction.

Roadmap priorities are discussed openly in GitHub Discussions and decided via RFCs. Every community member can propose, challenge, or vote on what comes next.

RFC tracker → Governance Changelog
COMING SOON · 12 MAY 2026
WAF++ 1.0
incl. WAFPass 1.0

The first stable release of the WAF++ Framework and WAFPass CLI.

Launching on the pre-eve of Cloud Native Conference DE12 May 2026 · 20:00 CEST

-- Days
-- Hours
-- Min
-- Sek
Explore the Framework →