For high-risk repositories such as Harden Windows Security, I will always be the only one who can merge pull requests or change content. This is to ensure that no malicious code is added to the repository.
The Harden Windows Security repository has no collaborators.
The Harden Windows Security repository on Azure DevOps and its parent organization have no users other than me.
I use an SSH key to sign all of my pushes.
My Microsoft account is passwordless and protected with MFA using the Microsoft Authenticator app, a physical security key and a backup code. It does not use insecure authentication methods such as passwords or SMS 2FA codes. You can rest assured that any service tied to my Microsoft account such as Azure DevOps, GitHub, etc. is completely protected and I will always be the only one who can access it.
Since there is nothing absolute in the universe, and that includes Security and CyberSecurity too, for the 0.0000000001% chance that my account gets compromised, use the following steps to verify the integrity of my repositories:
Please read the Trust section in the Harden Windows Security repository. The same process applies to all of my repositories.
Read more about the Assume Breach concept here
Report any vulnerability or issue either using the Issues section or using this security section if you believe it shouldn't be disclosed publicly. Thank you!
I can also be reached privately at: spynetgirl@outlook.com