Roadmap

v2.x

Below is a preliminary summary of our wishes, dreams and aspirations for Cornucopia. If you have suggestions or ideas, please feel free to discuss them on our email list or submit them to the list of issues in our repository. If you would like to help with any of the items below and have the opportunity to do so, do not hesitate to get in touch.

The items are ordered alphabetically, not by priority.

  • Build the requirement map on the card using OpenCRE for easier maintenance and collaboration. cornucopia #595
  • Endpoint per card with more information available. copi #6
  • Ensure the converter can create print-ready proofs for print-on-demand jobs. cornucopia #583
  • Include QR codes on the Cornucopia cards. cornucopia #382
  • Language review of the existing translations. cornucopia #596
  • Migrate the wiki deck to the new OWASP Cornucopia website. cornucopia #1
  • Seek worldwide translators and incorporate additional translations for other languages.

Getting Involved

Involvement in the development and promotion of Cornucopia is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help are listed below.

Localization

Are you fluent in another language? Can you help translate Cornucopia into that language? Note this is a very large task due to the number of documents involved, but the strings are now all available in textual data files.

Use and Promote the Cornucopia Card Decks

Please help raise awareness of Cornucopia by:

  • Printing decks of cards and giving them away
  • Using Cornucopia with specifiers, architects, designers, developers, testers and others, in part to train them, but also to solicit feedback on their usability, practicality and appropriateness for their work
  • Creating videos about how to play the game
  • Developing a mobile app to play the game

Feedback

Please use the friendly project Google Group for feedback:

  • What do you like?
  • What don’t you like?
  • What cards don’t make sense?
  • How could the guidance be improved?
  • What other decks would you like to see?

Keep the Cards Updated

As the referenced source documents change, we have to update the decks. You may also find errors and omissions. In the first instance, please send a message to the project’s Google Group if you have identified errors and omissions, have some time to maintain the source documents, or can help in other ways.

Create a New Deck

The first deck, Cornucopia Ecommerce Website Edition, has been renamed Cornucopia Website App Edition and is currently available in six languages. There is also a deck specific to mobile apps, Cornucopia Mobile App Edition, available in English only. Do you have an idea for your own application security requirements card deck?

OWASP Cornucopia

  • OWASP Cornucopia is a mechanism in the form of a card game to assist software development teams in identifying security requirements in Agile, conventional and formal development processes. It is language, platform and technology-agnostic, and is free to use.
  • OWASP Cornucopia is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar licence to this one.
  • © 2012-2025 OWASP Foundation. The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software.