While [John Carmack] said id Software is especially careful to lock down its game engines, companies that license and make changes to those engines often aren’t as focused, which could open the door to disaster.
While it hasn’t happened yet, Carmack thinks it’s just a matter of time before some clever hacker finds a way to insert a virus into a game engine.
“Security’s a twitchy thing,” he said. “If anything, the game industry has dodged a bullet because [when a virus does get inserted into a game engine] someone who’s playing a game at work will unknowingly let loose something catastrophic.”
From: Luigi Auriemma
Date: Fri, 2 Jun 2006 18:46:03 +0200
Subject: Client buffer-overflow in Quake 3 engine (1.32c / rev 795)