WAF++ Logo WAF++
Planning · Strategy

Roadmap

Transparent priorities from 2026 to 2030 — technically grounded, community-driven, and foundation-ready.

2026 – 2030 Community-driven Fully public
Current quarter ↓ Changelog Governance
RELEASED

Q1 / Q2 2026 — v1.0 Launched

WAF++ Framework 1.0 and WAFPass 1.0 launched on 12 May 2026 on the pre-eve of Cloud Native Conference DE. All eight pillars are stable, the controls library is locked, the PASS scoring model is finalized, and WAFPass is published on PyPI.

WAF++ Framework v1.0.0 — released 12 May 2026
All 8 pillars fully documented with locked control sets, PASS scoring model v1.0, regulatory mapping (GDPR, BSI C5, ISO 27001, SOC 2, HIPAA, NIS2), cross-pillar reference architecture, and stable Antora documentation at waf2p.dev/docs/wafpp/1.0/.
WAFPass v1.0.0 — stable, on PyPI
Full three-component stack: CLI (wafpass-core on PyPI), wafpass-dashboard (22+ pages, SSO, evidence packages, gap analysis), and wafpass-server (FastAPI/PostgreSQL, OIDC/SAML2, API keys, 14 migrations). Install: pip install wafpass-core.
All 8 pillars documented & controls locked
Security pillar (Pillar 1) fully finalized for v1.0.0. All WAF-SEC, WAF-COST, WAF-PERF, WAF-REL, WAF-OPS, WAF-SUS, and WAF-SOV controls are stable and covered by WAFPass tooling. Agentic (Pillar 8) announced for v1.1.
View changelog → GitHub
Release tracker
WAFPass v0.3.0 → v0.4.0 → v1.0.0 released
Mar–May 2026 · GitHub + PyPI · Apache 2.0
All 8 pillars documented done
Pillars 2–8 complete · Pillar 1 initial · CC BY 4.0
Agentic (Pillar 8) announced for v1.1
Dashboard & server stack live
wafpass-dashboard (React) + wafpass-server (FastAPI)
Framework & WAFPass v1.0.0 released
12 May 2026 · PyPI (wafpass-core) + waf2p.dev/docs
2026

Operationalization & Full Rollout

After the v1.0 launch, WAF++ shifts into full operationalization — community pilots, governance finalization, and complete pillar coverage.

Q3 2026

Pilot & Governance Finalization

A pilot project to validate the building-block approach in multi-cloud scenarios, along with finalizing the governance and community model.

Multi-cloud pilot
Governance review
Stabilize community structure
Q4 2026

Stabilization & Ecosystem Growth

With all eight pillars documented ahead of schedule, the focus shifts to hardening the Security pillar, scoring model finalization, and growing the early adopter ecosystem.

Security pillar (Pillar 1) fully documented
PASS scoring model v1 finalized
Cross-pillar reference architecture
Early adopter feedback & controls refinement
STRATEGIC VISION

Roadmap to 2030

Long-term milestones that establish WAF++ as a foundational, community-owned standard for cloud architecture quality.

Governance

Technical Steering Committee

Formal election of a TSC to provide long-term steering for project development — independent of any founding members.

Ecosystem

CNCF Alignment

Full alignment with CNCF project guidelines and best practices — governance, lifecycle, and community model modelled after proven open-source foundations.

Compliance

Auditability

Enable formal auditability according to the WAF++ standard — criteria are traceable, decisions are documented, and outcomes are reproducible.

Certification

WAF++ Certification

Introduce a WAF++ certification program for teams and organizations — a verifiable, community-backed signal of architecture quality.

Transition

Advisory Model

Founders transition into advisory roles — operational decisions are fully owned by the community, TSC, and Working Groups.

SHAPE THE ROADMAP

Help set the direction.

Roadmap priorities are discussed openly in GitHub Discussions and decided via RFCs. Every community member can propose, challenge, or vote on what comes next.

RFC tracker → Governance Changelog