Re: Am I glad that I'm not in this circus
It doesn't entirely "get rid of the problem".
Using a private code repository that's not shared with people and organizations outside yours reduces the attack surface and risk quite a bit, yes.
Using an in-house code repository that's not accessible on the public Internet reduces it further. But as we know, the "egg model" (hard network perimeter, soft inside) fails all over the place, because some attackers do get in, and then they pivot and elevate. So security is improved but there are still serious vulnerabilities.
Using a code repository that is just a code repository and not some glorified all-in-one mess of repository and CI/CD system and code-review tool and problem-ticketing tool and probably there's a flight simulator in there somewhere, like GitHub Enterprise, considerably reduces the attack surface and further improves security.
Using a code repository where some developer hasn't broken the permissions mechanism with a random change that wasn't caught until an external security researcher looked at it improves security.
You can never get to absolutely secure – there's no such thing. But, yeah, not using public fucking GitHub certainly improves the situation.
Seventy-three million developers can be wrong.