One of my favorite Richard Thieme riffs talks about the lifecycle of truth: arriving unseen and unheard, the new truth starts to move to the center and is at first mocked, then ridiculed, and finally accepted as a consensus fact (by which time it is no longer true). Of course, the question is how do you discover these new truths as they are moving towards the center? Where do they emerge from? At least one of the main areas Thieme looked at was uninhibited play and games. This is where we are more free to push the envelope and less constrained by convention.
This also makes the gaming space an interesting place to learn about where security is going. Certainly, lots of segments are trying to improve security, for example financial services, but at the same time, many traditional businesses are hard wired with lots of constraints and feel they can do little to address their existing security issues. So to understand some new directions (where the vulnerabilities are to be found in highly distributed systems, what new threats can emerge, how valuable purely digital assets are, and what new countermeasures might be brought to bear), the study of security in the online game space is an excellent area to mine.
Hoglund and McGraw have written a follow-up to their excellent "Exploiting Software" (note - check out CAPEC for more on attack patterns); the new one is called "Exploiting Online Games". For the reasons above, and since I enjoy their writing style and way of thinking about exploits, I am looking forward to reading this one.