I agree with the gist of what you're saying, which is that it's not possible to fully 'solve' security in video games by good security architectural design – it's just that for 99% of games out there, there is not even an attempt to solve part of it. The discussion goes as you say – the gameplay would suffer if greater security is taken into account and due to this these problems rarely get the talent they might need if the problems were to be solved better.
In my experience that’s broadly unfair. Cheating is a big issue for the integrity of online games and something taken seriously. Although I’m coming at it from the other direction and might have been very lucky with the projects I’ve worked on. There is an obvious trade off between making a game that people want to play and making it secure. And that trade off gets stronger towards gameplay the more latency sensitive the game is.
I guess what I’m actually saying is that good security design has to extend to the client in those cases. Defence in depth.
I also think it’s unfair to suggest this is an issue due to lack of talent. Although I’d be open to knowing what you think is lacking in particular.
Right but that suggests either there isn't a lack of talent and they don't need to hire security engineers or there is a lack of talent and hiring security engineers would fill that gap.
Since you suggest there is a lack of talent I'm just curious what you think the gap is.
