Hacker News
by MrCheeze 479 days ago
I've wondered myself why there's so little overlap between these two closely related interests of mine. Some of it seems to be the "But I don't want to cure cancer. I want to turn people into dinosaurs." effect, where some of the people working on exploiting games ONLY care about what can be done in their one game of interest - it doesn't always generalize to interest in using the same techniques against everything else.

Of course there's also the fact that exploiting 20-30 year old games is just vastly easier than modern software, due to the total lack of mitigations in them. And that's on top of the fact that with popular games, you're building on decades of reverse engineering work rather than (potentially) starting from scratch. And the arguably superior toolset (savestates etc).

But I think a very big factor is the one this blogpost is trying to address - most people just don't know anything at all about the vuln research industry, which is not exactly searching for attention in the ways that speedruns broadcast to hundreds of thousands of viewers for charity are.

4 comments

Because actual gaming vulnerability researchers that do know who they are are called cheaters and are mostly active in cutthroat PvP games, not single player ones. Just ask the developers of Rust (the game, not the language), they know everything about it. They were one of the very few devs to ask the community to do what all communities in such games always do anyway - find exploits and glitches, and publish them on YouTube. As a result, they ended up with a game that is pretty robust to item duplication and general exploits.
Actually this implies there's probably an opening in YouTube for someone to make vulnerability videos in the style of speed run videos. And then poaching some of that audience, and riding the sponsorship opportunities. Not my skillset but yeah, I could definitely see that working.
For HN reference, MrCheeze is well known and has done quite a lot of work over the years glitch-hunting in older games. (and is cited in the SethBling video posted several times in this thread)
Since speedrunners who find glitches are obviously very technical, do they usually already have some sort of day job in tech? I imagine it might be easier and just as lucrative to work on some CRUD app 9-5 and devote the rest of their time to research/streaming, and may be preferable to overloading their brain with even more of the same kind of research.
I know a speedrunner who turned down a promotion beyond their data job because they were in a role that they already had automated a large chunk of, and wanted to stay in it so they could keep pretending to be busy at work while instead practicing speedruns.
As an n=1 data point, that was my exact situation for a while. Also a lot of the people who put out high-effort stuff are college students, which works for the same reason.

More interestingly and more surprisingly, some of the people who work on exploiting games _don't_ do any sort of tech work and have no background in compsci - they're purely self-educated just for the sole purpose of breaking the one game they're interested in. This was the case for some of the biggest contributors to ACE in Zelda Ocarina of Time.