Interview Study:
Security Challenges in Video Game Development
Why do security vulnerabilities sneak into video games in the first place?
... and what can we do?

πŸ” We are looking for Study Participants #

  1. Do/Did you work within the game development industry in at least one project
  2. Were you either:
    a.) Involved in programming components or leading programming teams that touched security or privacy-related issues in, or that are more broadly part of, a video game product
    (e.g., networking & multiplayer, authentication, payment processes, game engine security, online account & player data privacy, anti-cheat measures, third-party integrations, intellectual property protection, client security, etc.)
    b.) Part of a quality assurance (QA) or security department responsible for verifying features of a video game product or related services
    (e.g., improvement of security-critical bugs, testing beyond gameplay functionality, advising and commenting on security components, etc.)
  3. Do you feel comfortable speaking English (or German) in an interview about your work with us

πŸŽ“ Research Topic

Our research is focused on examining how the video game industry addresses the multifaceted aspects of computer security and privacy within video games. Simply put, we are interested in the day-to-day challenges and experiences of developers in implementing components that might touch security and their secure coding practices.

The goal of our study is to generate insights that can benefit the entire industry. Based on the findings from our interviews, we plan to develop concrete tools, guidelines, and recommendations that can be shared with the industry at large, with the aim of facilitating and enhancing the adoption of robust security practices in the game development process. We greatly appreciate your assistance in contributing to our research efforts. Thank you for your valuable input.

🀫 Confidentiality

We would like to assure you that we take utmost care to anonymize any confidential information that could be linked to you, your projects, or your company. However, due to the nature of our research, we may need to ask specific questions touching on confidential topics to gather relevant data. Nonetheless, each participant has the discretion to choose what information to disclose or which questions to skip. We do not use trick questions or intentionally confuse participants.

Our final publication documents generally are publicly available, and once the write-up is completed, we will publish our work online. Prior to publication, pre-prints will be shared with all participants, allowing you to review, comment, and request changes to any sections of the study that you feel may disclose confidential information.

We value your participation in our study and are committed to maintaining the confidentiality and privacy of your data!

βœ‹ How to participate #

If you are interested and meet the eligibility criteria for our study, we kindly request that you take approximately 5-10 minutes to complete a short questionnaire, which will allow us to gather basic demographic information and obtain a contact email address from you. From the pool of completed questionnaires, we will select participants and send invitations via email so we can schedule an appointment using Calendly. We anticipate that the interview will take approximately 60 minutes of your valuable time. We appreciate your willingness to contribute to our research and value the time and insights you can provide.

πŸ’΅ Compensation #

As a token of our appreciation for your participation in our study and for completing all the necessary steps, we are delighted to provide each participant with compensation in the form of a $100 value, which can be redeemed via PayPal or an Amazon gift card. We recognize the significance of your time and contribution to our research, and we are pleased to offer this compensation as a gesture of gratitude.

πŸ˜• I think, I’m not eligible #

If you do not meet the eligibility criteria for our study, not to worry. It is possible that you may work in a company that employs individuals who belong to the user group we are seeking, or you may have contacts within the community or industry who could potentially participate. In such cases, we would greatly appreciate it if you could help us by forwarding our call for participation, which we have conveniently compiled in a PDF file (game-dev-security-study-2023.pdf).

Your assistance is highly valuable, and we sincerely thank you for supporting our research efforts!

πŸ‘©β€πŸ”¬ Who we are #

We are a research team from the state-funded CISPA Helmholtz Center for Information Security in Germany. Our group studies the intersection of computer security and privacy with human factors. We are particularly interested in investigating end users, administrators, developers, and designers of computer systems and their interdependencies with computer security and privacy mechanisms.

You can find our publications here.


Philip Klostermeyer | Researcher & PhD Candidate (CISPA).

Sabrina Amft | Researcher & PhD Candidate (CISPA)
Alexander Krause | Researcher & PhD Candidate (CISPA)
Niklas Busch | Researcher & PhD Candidate (CISPA)
Prof. Dr. Sascha Fahl | Principal Investigator, Tenured Faculty (CISPA) & Full Professor (Leibniz University Hannover)


CISPA logo

CISPA Helmholtz Center for Information Security

πŸ› οΈ Software Development #

πŸ”’ On Security #

πŸ“° Selected incidents timeline #