by atat7024 1899 days ago
Game devs don't optimize for security, because they're not incentivised to.
2 comments

This is a common problem in other parts of the software industry, but Valve is missing a piece of the solution.

The typical problem at software companies is that developers are incentivized only to write code for new features that will land them promotions and look good on their resume--but bugfixes and security work are not part of that.

Management can counteract this with top-down initiatives. Programs like "fix-it week" or teams dedicated to security with different incentives in place. For example, Google suffers from the "promotion-oriented programming" about as badly as any other company, but they manage to take security seriously.

Valve has a "flat hierarchy", which goes in quotes because the hierarchy isn't really flat, it's just hidden. Because the hierarchy is hidden, it's harder to address large-scale problems like institutional priorities... because there are fewer people to delegate large-scale problems to.

And then their MMO/MMORPG server gets p0wned, with everyone taking advantage of extra virtual money, adding assets to their characters for free and auto aiming packet correction.
And, as evidenced by Grand Theft Auto and Counter-Strike, players continue playing with hackers.

There is even reason for (say, for example) Rockstar to leave hackers alone in GTA: they act as artificial whales to lure real players into buying in-game currency in order to keep up/seek revenge.

There are a few games I can think of off the top of my head that have a symbiotic relationship with hackers.

The kind of hacking that happens in first person shooters has nothing to do with security failures. It is fundamentally impossible to stop aim bots. All you can do is continually play cat and mouse games to make it harder.

Why is it fundamentally impossible to stop aimbots?

Because the player's computer needs to know where the enemy is in order to render them on the screen, create footstep sounds, calculate shadows, etc. As long as the player has ultimate (root, admin, etc) access on that computer, it will always be possible for a program running with elevated privileges to read that enemy position data from the game's memory and make the required mouse movements to point at it and left-click.

The only way to prevent this is to remove elevated access from the player's computer. This has been done with varying levels of success on consoles, but even then it's only a matter of time.

Because it requires you to distinguish between a human's aim and a bot's aim, which is pretty much impossible with a good enough bot.

I think Steam actually primarily catches cheaters by it seeing the other running software rather than looking at the input patterns. I'm not sure whether it would detect a cheat implemented via a camera and custom mouse hardware that sends USB events you didn't do.

But I also think a lot of the hackers in both GTA and CS are cheating in ways that no regular user input could trigger, they're compromising the software at a lower level than that.