diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..91e8245
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,5 @@
+# Security Policy
+
+If you believe you have found a security vulnerability, please DO NOT disclose it publicly until we’ve had a chance to fix it.
+
+Please don’t report security vulnerabilities via GitHub issues, instead [report them privately](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) via the [Security Advisories](../../security/advisories/new) page.