Skipping the Security Side Quests: A Qualitative Study on Security Practices and Challenges in Game Development

Abstract

The video game market is one of the biggest for software products. Video game development has progressed in the last decades, from its early stages of exploring and creating fun virtual worlds to more complex and multifaceted endeavors. Games-as-a-Service significantly impacted distribution and gameplay, requiring providers and developers to consider factors beyond just game functionality, including player engagement and monetization. New security challenges emerged, including authentication, payment security, and user data or asset protection. However, the security community lacks in-depth insights into the security practices, experiences, and challenges in modern video game development. This paper aims to address this gap in research and highlights the criticality of security in video game development. Therefore, we conducted 20 qualitative, semi-structured interviews with various roles of professional and skilled video game development experts, investigating awareness, priorities, knowledge, and practices regarding security in the industry through their first-hand experiences. We find that game developers are aware of the urgency of security and related issues. However, they often face obstacles, including a lack of money, time, and knowledge, which force them to put security issues lower in priority. We conclude our work by recommending how the game industry can incorporate security into its development processes while balancing other resources and priorities and illustrating ideas for future research.

Alexander Krause

PhD Candidate for Usable Security

My research interests include usable security with a focus on expert groups such as developers or cryptographers, as well as end-users.