Interview Study: Security Challenges in Video Game Development Why do security vulnerabilities sneak into video games in the first place? ... and what can we do?
Do/Did you work within the game development industry in at least one project
Were you either:
a.) Involved in programming components or leading programming teams that touched security or privacy-related
issues in, or that are more broadly part of, a video game product (e.g., networking & multiplayer,
authentication, payment processes, game engine security, online account & player data privacy, anti-cheat measures,
third-party integrations, intellectual property protection, client security, etc.)
b.) Part of a quality assurance (QA) or security department responsible for verifying features
of a video game product or related services (e.g., improvement of security-critical bugs, testing beyond gameplay functionality,
advising and commenting on security components, etc.)
Do you feel comfortable speaking English (or German) in an interview about your work with us
π Research Topic
Our research is focused on examining how the video game industry addresses the multifaceted aspects of computer
security and privacy within video games. Simply put, we are interested in the day-to-day challenges and experiences of
developers in implementing components that might touch security and their secure coding practices.
The goal of our study is to generate insights that can benefit the entire industry. Based on the findings from
our interviews, we plan to develop concrete tools, guidelines, and recommendations that can be shared with the industry
at large, with the aim of facilitating and enhancing the adoption of robust security practices in the game development
process. We greatly appreciate your assistance in contributing to our research efforts. Thank you for your valuable input.
π€« Confidentiality
We would like to assure you that we take utmost care to anonymize any confidential information that could be linked to
you, your projects, or your company. However, due to the nature of our research, we may need to ask specific questions
touching on confidential topics to gather relevant data. Nonetheless, each participant has the discretion to choose what
information to disclose or which questions to skip. We do not use trick questions or intentionally confuse participants.
Our final publication documents generally are publicly available, and once the write-up is completed, we will publish
our work online. Prior to publication, pre-prints will be shared with all participants, allowing you to review, comment,
and request changes to any sections of the study that you feel may disclose confidential information.
We value your participation in our study and are committed to maintaining the confidentiality and privacy of your data!
If you are interested and meet the eligibility criteria for our study, we kindly request that you take approximately
5-10 minutes to complete a short questionnaire, which
will allow us to gather basic demographic information and obtain a contact email address from you. From the pool of
completed questionnaires, we will select participants and send invitations via email so we can schedule an appointment
using Calendly. We anticipate that the interview will take approximately 60 minutes of your valuable time. We appreciate
your willingness to contribute to our research and value the time and insights you can provide.
As a token of our appreciation for your participation in our study and for completing all the necessary steps, we are
delighted to provide each participant with compensation in the form of a $100 value, which can be redeemed via PayPal
or an Amazon gift card. We recognize the significance of your time and contribution to our research, and we
are pleased to offer this compensation as a gesture of gratitude.
If you do not meet the eligibility criteria for our study, not to worry. It is possible that you may work in a company
that employs individuals who belong to the user group we are seeking, or you may have contacts within the community or
industry who could potentially participate. In such cases, we would greatly appreciate it if you could help us by
forwarding our call for participation, which we have conveniently compiled in a PDF file
(game-dev-security-study-2023.pdf).
Your assistance is highly valuable, and we sincerely thank you for supporting our research efforts!
We are a research team from the state-funded CISPA Helmholtz Center for Information Security in Germany. Our group
studies the intersection of computer security and privacy with human factors. We are particularly interested in
investigating end users, administrators, developers, and designers of computer systems and their interdependencies
with computer security and privacy mechanisms.
