TeamUSEC

Skipping the Security Side Quests: A Qualitative Study on Security Practices and Challenges in Game Development

Philip Klostermeyer, Sabrina Amft, Sandra Höltervennhoff, Alexander Krause, Niklas Busch and Sascha Fahl.
In 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS '24), October 14--18, 2024, Salt Lake City, UT, USA
Website Abstract Cite URL

Abstract

The video game market is one of the biggest for software products. Video game development has progressed in the last decades to complex and multifaceted endeavors. Games-as-a-Service significantly impacted distribution and gameplay, requiring providers and developers to consider factors beyond game functionality, including security and privacy. New security challenges emerged, including authentication, payment security, and user data or asset protection. However, the security community lacks in-depth insights into the security experiences, challenges, and practices of modern video game development. This paper aims to address this gap in research and highlights the criticality of considering security in the process. Therefore, we conducted 20 qualitative, semi-structured interviews with various roles of professional and skilled video game development experts, investigating awareness, priorities, knowledge, and practices regarding security in the industry through their first-hand experiences. We find that stakeholders are aware of the urgency of security and related issues. However, they often face obstacles, including a lack of money, time, and knowledge, which force them to put security issues lower in priority. We conclude our work by recommending how the game industry can incorporate security into its development processes while balancing other resources and priorities and illustrating ideas for future research.

Reference

@inproceedings{conf/ccs/klostermeyer24,
 author = {Philip Klostermeyer and
Sabrina Amft and
Sandra Höltervennhoff and
Alexander Krause and
Niklas Busch and
Sascha Fahl},
 booktitle = {In 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS '24), October 14--18, 2024, Salt Lake City, UT, USA},
 month = {Oct},
 publisher = {ACM},
 title = {Skipping the Security Side Quests: A Qualitative Study on Security Practices and Challenges in Game Development},
 url = {https://doi.org/10.1145/3658644.3690190},
 doi = {10.1145/3658644.3690190},
 year = {2024}
}