I'm not a hacker, and I don't play one on TV. I just make video games.
That said, I find myself with one foot in each industry. I'm spending just as much time at hacker cons as at gamer cons. My days at work flip back and forth between "level 4 crashes on load" and "no, you cannot plug your USB drive into my GDC demo computer, you random freak."
From a game developer's perspective, most of the time at industry events when I bring up security concerns - possibilities ranging from piracy to unencrypted ecommerce transactions to keystroke logging employee computers - the attitude is, "It's a compliment! People care about our game!"
This is in fact the entirety of the industry attitude I see about game hacking in general. Which bothers me, in that there's real money being lost (not necessarily by current MMOs but in games that support microtransactions and certainly in online gambling or "games of skill"), and therefore real game companies closing and laying off real people who happen to be my friends. Or me.
It seems like what's on the very few gaming-related hacker blogs, or hacker-related gaming blogs, is .001% of what's actually going on. It frustrates me that there's no open dialogue about this in the game development world. I'm sure Blizzard has a good security team on staff (or I would if I were them), but they're not talking to the rest of us.
So how does the industry start learning from itself?
Tuesday, March 4, 2008
Subscribe to:
Post Comments (Atom)
2 comments:
: "but they're not talking to the rest of us."
: So how does the industry start learning from itself?
You answer your own question of course, but like most vendors before them, there isn't much motivation to do so. Airing dirty laundry in order to help others learn has no ROI that executives can see, no guarantee if they share information that other companies will do the same and making the company lawyers start cutting themselves while suddenly finding solace in _The Cure_.
I agree that "airing dirty laundry" can easily be argued against (though Mozilla seems to believe it has a good ROI.)
But it seems that there's a larger problem in the lack of industry dialog. It's exceptionally difficult to find security-related talks at game industry conferences, or security-related articles in game industry journals. While I can understand not wanting to discuss specific exploits in one's game, I don't understand the lack of discussion about the topic generally. We make software. We should be concerned about this.
Post a Comment