OWASP Game Security Framework

Start Here

Project Status
Two-Year Roadmap
2026 Goal
2027 Goal
Success Criteria for This Stage

Community and Collaboration

GitHub Repository
GitHub Issues
GitHub Pull Requests
OWASP Slack: #game-security-framework

Project Status

The OWASP Game Security Framework (OGSF) project started in January 2025.

From January 2025 to January 2026, the project focused on scoped drafting, structure definition, and close review with selected peers and subject matter experts.

The project is now entering its public review phase so the wider community can review, comment on, and help improve the framework.

Two-Year Roadmap

2026 Goal

Publish OGSF for public review, stabilize the framework structure, build contributor workflow, and prepare the project for OWASP Lab promotion.

Q1 2026 - Public Review Launch

Publish the public review draft of OGSF on the OWASP project page and GitHub
Clearly define project scope, intended audience, and non-goals
Open public feedback channels through GitHub issues and OWASP Slack
Publish contribution guidelines and review workflow
Standardize project naming, terminology, and document structure

Review and triage community comments
Resolve structural issues, gaps, overlaps, and inconsistent terminology
Refine the verification categories and requirement language
Publish an updated draft incorporating public feedback
Add initial worked examples to show how OGSF can be applied in practice

Q3 2026 - Release Readiness and Project Hygiene

Prepare the first stable OGSF release candidate
Improve project documentation, navigation, and release notes
Ensure GitHub issues, pull requests, and support channels are actively maintained
Confirm leadership, contributor workflow, and roadmap are up to date
Prepare evidence and materials needed for OWASP Lab promotion review

Q4 2026 - Stable Release and Lab Promotion Request

Publish the first stable public OGSF release
Submit the project for OWASP Lab promotion review
Address any feedback received during the promotion process
Document a maintenance plan for the following year

2027 Goal

Operate OGSF as a stable, community-reviewed project, improve clarity and coverage, and build evidence of adoption and usefulness.

Q1 2027 - OGSF v1.x Consolidation

Publish a refined post-review version of OGSF
Incorporate promotion review feedback if applicable
Improve readability, consistency, and cross-references
Expand contributor onboarding materials

Q2 2027 - Examples and Mappings

Publish a small set of worked examples showing how OGSF can be used
Add or improve mappings to related OWASP resources where useful
Clarify level expectations and verification intent
Collect implementation and reviewer feedback from early adopters

Q3 2027 - Community Maturity

Run focused review cycles on selected sections
Encourage external contributions from game developers, security practitioners, and testers
Continue release maintenance and issue response
Track signs of project usefulness such as references, contributions, downloads, and discussions

Q4 2027 - Maintenance and Next-Step Review

Publish an annual update release
Review whether the project is ready to remain in sustained Lab maturity or begin planning toward future Production readiness
Refresh roadmap, governance, and contributor documentation
Document lessons learned from the first public review cycle

What This Roadmap Does Not Include Yet

To keep the project realistic and maintainable, the current two-year plan does not make open-source tooling, annual industry reports, or flagship status a primary objective.

These may be considered later if the project builds enough contributor capacity and long-term maintenance support.

Success Criteria for This Stage

Public draft released and reviewed by the community
Stable release published and maintained
Contribution process and support channels operating consistently
Project roadmap and documentation kept current
Clear evidence that OGSF provides practical value to reviewers and users
Project is in a strong position for or already at OWASP Lab maturity

Watch Star

Project Information

Overview

The OWASP Game Security Framework (OGSF) is a community-driven OWASP project focused on improving security guidance for modern games and connected game ecosystems.

The project is currently in Incubator status and is in its public review phase.

Project Snapshot

Field	Value
Project Name	OWASP Game Security Framework
Short Name	OGSF
Status	OWASP Incubator Project
Type	Documentation / Framework
Start Date	January 2025
Current Phase	Public review and community feedback
Primary Repository	www-project-gamesec-framework
Framework Draft	OGSF Framework Draft
Main Discussion Channel	OWASP Slack `#game-security-framework`
Issues and Feedback	GitHub Issues
Contributions	Contributing Guidelines

Purpose

OGSF is intended to help the game industry define, review, and improve security requirements for games and game-connected systems.

The project focuses on practical security concerns across the wider game ecosystem, including game clients, backend services, multiplayer trust, identity, connected APIs, virtual economies, and abuse scenarios.

Intended Audience

OGSF is intended for:

game developers and technical leads
product security and application security teams
penetration testers and reviewers
architects and technical decision-makers
researchers and contributors interested in game security

Current Priorities

The current priorities of the project are:

publish and maintain the public review draft
gather and triage community feedback
improve wording, structure, and consistency
prepare the project for future OWASP Lab promotion review

How to Engage

Read the OGSF Framework Draft
Join OWASP Slack: #game-security-framework
Submit comments and suggestions through GitHub Issues or OWASP GSF slack channel.
Contribute improvements through Pull Requests

Project Leaders

Current Leadership

Name	Role	Contact
Ozhan Sisic	Project Leader	[email protected]

Contributors

Name	Role	Contact
Ezgi Bulbul	Contributor	[email protected]
Jerry Hoff	Contributor
Grant Aroyan	Contributor

Future Expansion

Additional co-leads, reviewers, and long-term contributors may be added as the project grows.