diff --git a/ESAPI-3.0.0-ROADMAP.md b/ESAPI-3.0.0-ROADMAP.md new file mode 100644 index 0000000..1152fb9 --- /dev/null +++ b/ESAPI-3.0.0-ROADMAP.md 
@@ -0,0 +1,32 @@ +# Roadmap for ESAPI 3.0.0 + +## Google-SoC Tasks + +### Provide implementations of the interfaces (in a seperate project, as a standalone component) that implements the following interfaces + +* Encoder +* Validator +* Authenticator +* AccessController + +These implementations can be wrappers around existing tools, the primary purpose of this exercise is to evaluate the provided APIs to ensure that the interfaces are usable to developers. + +### Test Suite + +ESAPI 3.0.0 will provide an additional component (ESTAPI - thanks to Dinis Cruz for the name) which will allow implementors to run tests against their implementations of a given control to ensure that it is in fact implemented securely. For GSoC I would like to focus this effort on a set of concrete tests for the Validator and Encoder interfaces as well as a fuzz test against both of those interfaces as well. Propose a design for how the tests will function and be run, then create a new repository (and link back to ESAPI/esapi-java) with your implementation. + +### Centralized Security Policy Manager + +One of the things that ESAPI aimed to provide was a means to enforce a centrally managed enterprise security policy in a provable way. Propose an idea and implement a proof-of-concept using the following design concepts: + +* The enterprise security policy should be published in a parseable format - it can be XML, JSON, or any other schema based language. +* The enterprise security policy should allow downstream configuration overrides, but provide a audit event indicating a policy item has been overridden by a child policy +* The enterprise security policy should have a simple interface for configuration of the policy parameters, and should provide sane defaults for all controls + +## Release Goals + +1. *Design Verification* - Interfaces should be fairly locked down at the first release. 
The interfaces should be tested thoroughly by implementing a baseline set of components *and* testing inclusion of those components in real-world applications. +1. *Solid interface documentation* - All interfaces should be fully documented in Javadoc +1. *Component Community Library* - An Apple Store'esque implementation of a community containing reviewed and approved controls that implementors can pull into their projects +1. *Discovery* - The ESAPI should provide a discovery module that discovers, registers, and configures controls (according to the enterprise security policy) - this can function similar to OSGi +1. *ESTAPI* - A full suite of tests that can provide assurance that controls are implemented correctly. ESTAPI testing will be a pre-requisite to inclusion in the Component Community Library. diff --git a/README.md b/README.md index 97d49e9..fde322a 100644 --- a/README.md +++ b/README.md 
@@ -7,7 +7,11 @@ Welcome to the Home of ESAPI 3.x News ========== -2 Sept 2014 - We are gearing up to get some great stuff done at AppSecUSA in Denver this month. We'll be announcing our schedule and where we'll be at the conference soon! Stay tuned! +First off, if you are looking for a version of ESAPI to use with your JVM-based project, this is not the one you are looking for. Instead, you want the latest ESAPI 2.x version from [esapi-java-legacy](https://github.com/ESAPI/esapi-java-legacy). This ESAPI repo is for the development of ESAPI 3 which +is still in the _very early_ planning stages. The code that is currently in this GitHub repo (as of 2020-07-17) is likely to be completely rewritten, possibly several times, therefore please do not bother to submit PRs or GitHub issues relating to outdated or vulnerable dependencies. ESAPI 3 has not been released, even as a Release Candidate and we will make sure all the dependencies are updated when we do get around to making RC versions available. +If you wish to participate, please sign up for the Google Group "[esapi-project-dev](mailto:esapi-project-dev@owasp.org)", and feel free to start a new discussion thread. Note you MUST subscribe to the Google Group list before you may POST to it. [Subscribe to ESAPI Developers list](https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/join). -For more information on ESAPI or information on ESAPI 2.x please visit our wiki page at https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API +Notes +========== +For more information on ESAPI or information on ESAPI 2.x please visit our wiki page at https://owasp.org/www-project-enterprise-security-api/ and before you start using ESAPI, do yourself a favor and be sure to read the "[Should I use ESAPI?](https://owasp.org/www-project-enterprise-security-api/#div-shouldiuseesapi)" tab there. diff --git a/pom.xml b/pom.xml index 0655b75..3b87637 100644 --- a/pom.xml +++ b/pom.xml 
@@ -147,7 +147,7 @@ org.testng testng - 6.8.5 + 7.7.0 test @@ -158,4 +158,4 @@ - \ No newline at end of file +
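Review bot: in the new ESAPI-3.0.0-ROADMAP.md there are a few wording errors worth fixing before the file lands: the Google-SoC heading reads "in a seperate project ... that implements the following interfaces" and should be "in a separate project ... that implement the following interfaces", and the second policy bullet "provide a audit event indicating a policy item has been overridden" should read "provide an audit event". For that same bullet, consider stating what the audit event must carry (the overridden policy item, the parent and child values, and the origin of the override), since an override record that lacks those fields cannot support the "provable" enforcement the section promises.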
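Review bot: in the README.md hunk the link text "esapi-project-dev" is wrapped in a mailto: to the list address, yet the sentence asks readers to sign up for the Google Group and the next sentence says they MUST subscribe before they may POST, so a reader who clicks it will send a mail that the list rejects; point that link at the join URL already given at the end of the paragraph (https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/join) or leave the name as plain text. Minor: "even as a Release Candidate and we will make sure" needs a comma after "Candidate", and the hard-coded "as of 2020-07-17" will go stale unless someone owns updating it.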
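Review bot: the pom.xml change bumps the test-scoped testng dependency from 6.8.5 to 7.7.0, which crosses a major version, so the existing test sources and the project's configured Java source/target level should be confirmed to compile and run against TestNG 7.x before merging; and since the README added in this same change tells contributors not to submit PRs for outdated or vulnerable dependencies, the commit message should say why this particular upgrade is being made now so the two are not read as contradicting each other. The second pom.xml hunk only adds the missing trailing newline and needs no further change.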