I’ve spent more of my career doing server-side stuff than other areas and it’s like night and day when it comes to IT security between server-side dev and gamedev, probably because server-side is networked and generally is done for much more important targets (valuable data and even actual financial assets of big companies, rather than an individual’s game state or machine) so there a big expectation that the best external attackers (and a veritable army of script kiddies) will be hammering at anything a server-side component exposes via a network interface, trying to hack it.
Mind you, I still bitched and moaned at the lack of IT Security awareness of some of my colleagues when I was doing server side stuff :)
And that’s exactly the thing, the threat model is so different. In gamedev, they’re thinking about those networking issues for sure but man oh man are they WAY more worried about RCE in those drivers you mentioned earlier.
Why? For the same reason Emacs is a text editor, internet browser, and Spotify client. For the same reason that “will it run doom” is even a question. Because their game got hacked before they even opened the first text file to make the game
And that’s not even to mention security. I’m in a CS course right now, and sure we talk about cyber security and social networking and blah blah blah.
Go ask a game dev about their security patches and you’ll see the WORLD of difference in the two spaces
Oh, man, yes.
I’ve spent more of my career doing server-side stuff than other areas and it’s like night and day when it comes to IT security between server-side dev and gamedev, probably because server-side is networked and generally is done for much more important targets (valuable data and even actual financial assets of big companies, rather than an individual’s game state or machine) so there a big expectation that the best external attackers (and a veritable army of script kiddies) will be hammering at anything a server-side component exposes via a network interface, trying to hack it.
Mind you, I still bitched and moaned at the lack of IT Security awareness of some of my colleagues when I was doing server side stuff :)
And that’s exactly the thing, the threat model is so different. In gamedev, they’re thinking about those networking issues for sure but man oh man are they WAY more worried about RCE in those drivers you mentioned earlier.
Why? For the same reason Emacs is a text editor, internet browser, and Spotify client. For the same reason that “will it run doom” is even a question. Because their game got hacked before they even opened the first text file to make the game