Video Game Security Should Be Simple for Developers
Video games continue to explode in popularity, and the number of potential attack vectors within games continues to increase as well. In this latest The New Stack Makers podcast cohosts Alex Williams, (publisher and founder of TNS) and Bharat Bhat (Okta marketing lead for developer relations) cover why and how video game platforms and connections should be more secure, with guest Okta senior developer advocate Nick Gamb.
The gaming industry has often served as a showcase for some of the industry’s greatest programming talents. As a case in point, John Carmack’s C++ code underpinning “Doom” is considered one of the historical greats of programming, not just for gaming, but for software in general. For Gamb, while growing up, playing “Quake” and “Doom” before studying the code for these games served as his entry point into the software industry.
“As soon as the source code for those engines were released, I started taking [the games] apart, reverse engineering things, figuring out how they worked and adding my own stuff to them at a very young age,” said Gamb. “This is actually how I learned to code and pretty much all of the software development that I’ve done since is built on that foundation.”
Despite continuing to attract great software engineering talent, video game companies produce software that is not as secure as it should be. Authentication processes can be complex to implement, especially when there can be millions of connections to manage simultaneously for a given game. For the large game publishers with multiple titles, the number of connections — and thus potential attack vectors — can increase exponentially. At the same time, developers are also generally making performance for users their priority, as is the case with developers in many sectors, so security often remains an afterthought.
Most game engines with which Gamb has interacted lack “a concept built in for identity security,” Gamb said. “They have certain recommendations that are pretty generic, but at the end of the day, there’s nothing built-in and what is available doesn’t really follow security best practices, which is kind of a big problem. Developers typically are left trying to retrofit concepts from other development environments that don’t work and they’re using limited or incomplete open source solutions, or are trying to build it themselves with little to no learning resources that are focused on gaming,” said Gamb. “So, that’s kind of the big issue that I’ve been seeing: people are left to their own devices.”
Considering that authentication is “a complicated thing,” one of the missions of Okta is to “make it easier” to build in security to gaming platforms and development, especially for authentication. “You take less risk on and we make it easier because you don’t have to learn all these protocols really deeply,” said Bhat.