This is a very quick guide to help Pakistani entities devise secure computing policies. It has been put together in haste because of other engagements the author must honor. I invite fellow Pakistanis to contribute to this thread. In devising a secure computing platform, the first order of business is the selection of a secure hardware platform. Commerical off-the-shelf (COTS) hardware platforms such as the intel platform have been known to have flaws that allow programs to access information they are not intended to access. The interested reader should lookup sidechannel attacks, especially the recent 'Meltdown', 'Spectre', and 'Foreshadow' attacks. Similarly, there are instances where the exact same binary BIOS code run on two different computers produced different results. The problem turned out to be hidden logic in the BIOS of one of the systems. In order to guard against such attacks, a secure computing hardware architecture must be designed and built within the country. The next piece of the puzzle might surprise many readers. It is important to write an indigenous compiler, to ensure secure computing. One of the most insidious hacks (apart from hidden logic in hardware), is malware within the compiler itself that adds extra code to the binary program being produced by the compiler. It is important to realize that a compiler doesn't need to be written from the grounds up. Rather, people need to be trained in a high performance, open source compiler such as GCC. GCC is a collection of compilers, hence, a set of languages must be selected. The team of specialists should start with a current version of the GCC compiler, and understand every single line of GCC that is relevant for the selected languages. This understanding must be enshrined in a set of test cases that prove the relevant pieces of code actually perform the tasks which the specialists think it does. Once this mastery has been achieved, they can then start modifiying the code to suite their own needs. As new features are released in the open source compiler, they must pass a similarly stringent regime of review and validation before being integrated into the indigenous solution. The next step is the production of an operating system. The methodology is the same as the one described above for the compiler. This author recommends starting with Linux as a base. I wish to see our armed forces adopting a unified approach to secure computing because they will benefit from the resulting collaboration, and a uniform level of security can be assured across the forces. I end with the prayer that May Allah Make this a source of strength for Islam and Muslims in the whole world. Aameen.