🔍 We are looking for Study Participants #
- Do/Did you work within the game development industry in at least one project
- Were you either:
a.) Involved in programming components or leading programming teams that touched security or privacy-related issues in, or that are more broadly part of, a video game product
(e.g., networking & multiplayer, authentication, payment processes, game engine security, online account & player data privacy, anti-cheat measures, third-party integrations, intellectual property protection, client security, etc.)
b.) Part of a quality assurance (QA) or security department responsible for verifying features of a video game product or related services
(e.g., improvement of security-critical bugs, testing beyond gameplay functionality, advising and commenting on security components, etc.)
- Do you feel comfortable speaking English (or German) in an interview about your work with us
🎓 Research Topic
Our research is focused on examining how the video game industry addresses the multifaceted aspects of computer security and privacy within video games. Simply put, we are interested in the day-to-day challenges and experiences of developers in implementing components that might touch security and their secure coding practices.
The goal of our study is to generate insights that can benefit the entire industry. Based on the findings from our interviews, we plan to develop concrete tools, guidelines, and recommendations that can be shared with the industry at large, with the aim of facilitating and enhancing the adoption of robust security practices in the game development process. We greatly appreciate your assistance in contributing to our research efforts. Thank you for your valuable input.
We would like to assure you that we take utmost care to anonymize any confidential information that could be linked to you, your projects, or your company. However, due to the nature of our research, we may need to ask specific questions touching on confidential topics to gather relevant data. Nonetheless, each participant has the discretion to choose what information to disclose or which questions to skip. We do not use trick questions or intentionally confuse participants.
Our final publication documents generally are publicly available, and once the write-up is completed, we will publish our work online. Prior to publication, pre-prints will be shared with all participants, allowing you to review, comment, and request changes to any sections of the study that you feel may disclose confidential information.
We value your participation in our study and are committed to maintaining the confidentiality and privacy of your data!
✋ How to participate #
If you are interested and meet the eligibility criteria for our study, we kindly request that you take approximately 5-10 minutes to complete a short questionnaire, which will allow us to gather basic demographic information and obtain a contact email address from you. From the pool of completed questionnaires, we will select participants and send invitations via email so we can schedule an appointment using Calendly. We anticipate that the interview will take approximately 60 minutes of your valuable time. We appreciate your willingness to contribute to our research and value the time and insights you can provide.
💵 Compensation #
As a token of our appreciation for your participation in our study and for completing all the necessary steps, we are delighted to provide each participant with compensation in the form of a $100 value, which can be redeemed via PayPal or an Amazon gift card. We recognize the significance of your time and contribution to our research, and we are pleased to offer this compensation as a gesture of gratitude.
😕 I think, I’m not eligible #
If you do not meet the eligibility criteria for our study, not to worry. It is possible that you may work in a company that employs individuals who belong to the user group we are seeking, or you may have contacts within the community or industry who could potentially participate. In such cases, we would greatly appreciate it if you could help us by forwarding our call for participation, which we have conveniently compiled in a PDF file (game-dev-security-study-2023.pdf).
Your assistance is highly valuable, and we sincerely thank you for supporting our research efforts!
👩🔬 Who we are #
We are a research team from the state-funded CISPA Helmholtz Center for Information Security in Germany. Our group studies the intersection of computer security and privacy with human factors. We are particularly interested in investigating end users, administrators, developers, and designers of computer systems and their interdependencies with computer security and privacy mechanisms.
You can find our publications here.
Sabrina Amft | Researcher & PhD Candidate (CISPA)
Alexander Krause | Researcher & PhD Candidate (CISPA)
Niklas Busch | Researcher & PhD Candidate (CISPA)
Prof. Dr. Sascha Fahl | Principal Investigator, Tenured Faculty (CISPA) & Full Professor (Leibniz University Hannover)
📚 Related work #
🛠️ Software Development #
-  Ullmann et al.: Video Game Project Management Anti-patterns (GAS)
-  Murphy-Hill et al.: Cowboys, Ankle Sprains, and Keepers of Quality: How is Video Game Development Different from Software Development? (ICSE)
-  Kanode et al.: Software Engineering Challenges in Game Development (ITNG)
🔒 On Security #
-  Zhao: Cyber security issues in online games (AIP)
-  Mohr et al.: IT Security Issues Within the Video Game Industry (IJCSIT)
-  Chang et al.: The Security System Design in Online Game for u Entertainment (AINAW)
-  Ki et al.: Taxonomy of online game security (Electronic Library)
📰 Selected incidents timeline #
-  Near-Complete Far Cry Source Code Leaks Online (kotaku.com)
-  CS:GO: From Zero to 0-day (neodyme.io)
-  Fans Freak Out As Zelda: Tears Of The Kingdom Leaks Two Weeks Early (kotaku.com)
-  The Diablo 4 beta has been bricking graphics cards (techspot.com)
-  Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game (decoded.avast.io)
-  Dark Souls servers taken down due to an exploit ‘that could let someone take over your PC’ (videogameschronicle.com)
-  Hackers abuse Genshin Impact anti-cheat system to disable antivirus (bleepingcomputer.com)
-  Grand Theft Auto 6 leak: who hacked Rockstar and what was stolen? (theguardian.com)
-  Battle.net has recovered from DDoS attack, Blizzard says (theverge.com)
-  Ubisoft confirms Just Dance data breach amid developer exodus (zdnet.com)
-  Amazon’s New World beta is reportedly destroying RTX 3090 cards (techspot.com)
-  CD Projekt Red says it was hacked but won’t pay the ransom (engadget.com)
-  Source Engine remote code execution via game invites (secret.club)
-  Valve Patches Exploit That Let You Add Infinite Steam Wallet Money (kotaku.com)
-  A Directory Traversal Attack on Punkbuster Server can be Leveraged to Gain Remote Code Execution (medium.com)
-  Ubisoft Hacked And Private User Data Posted (happygamer.com)
-  XSS slip-up exposed Fortnite gamers to account hijack (portswigger.net)
-  Game Over for Hackers: Critical Account Takeover Vulnerability Discovered and Patched in EA Games (cyberint.com)
-  Zero-day in EA’s Origin exposes gamers to yet more RCE pwnage (portswigger.net)