Video games are already full of exploits. That's what allows a rich modding scene to thrive.
Video games sit in this really weird place in software engineering where 'security' in the traditional sense doesn't necessarily apply.
Games are either single-player and don't really make any sense to exploit, or are multiplayer and have weird kernel-level DRM and anti-cheat, and on the server side, mainly host multiplayer matchmaking and servers.
Even if games have been exploited maliciously, users would have to go out of their way to find a malware-laden version on a shady BitTorrent website, and in that case the BitTorrent protocol is the real vector, not the video game itself.
Don't get me wrong, I'm not saying video game RCEs aren't a security problem—but they have fairly extensive positive implications that might not usually be considered.
> Video games are already full of exploits. That's what allows a rich modding scene to thrive
I'm not sure I see the correlation? Unless you explicitly mean online modding, which I'm not sure happens that often.
I've been modding games for a few years and it's mostly interacting with the Windows API and its capability to access other processes in the same user space by injecting DLLs. I've never looked for vulns inside the game itself.
If you refer to online modding, usually while they're local some games allow it, but as soon as it affects gameplay they're very rarely what I would call wide enough 'to thrive'.
It is true that the term 'security' doesn't apply that often to offline games, though.
Wouldn't be nearly as much of a problem if they didn't cheap out on the multiplayer and make it P2P instead of hosting proper servers. Valve's Source engine has been leaked half a dozen times and I don't think there's ever been a client-to-client RCE ever because servers are fully authoritative and clients have very limited control over what happens on the server.