diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..dfa8cd5 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,20 @@ +# Security Policy + +## Supported Versions + +Only the latest version of the library is supported. + +## Reporting a Vulnerability + +We ask to report any security vulnerabilities or flaws through: + +1. Github, in the "Security" tab, using the "Report a vulnerability" button. +2. Email, security@dfns.co + +After receiving the report, it will take us up to 2 working days to respond. +We will evaluate the reported vulnerability, determine whether it needs to +be addressed, and (if so) and provide an estimated timeline for addressing it. + +After vulnerability was fixed and the new version of the library was +properly tested, we publish the fix, and publicly disclose the vulnerability +(credits for finding the issue go to the reporter).
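Review bot: In the "Reporting a Vulnerability" section, the response paragraph has a duplicated conjunction ("and (if so) and provide an estimated timeline"), and the closing paragraph does not say when public disclosure happens relative to the fixed release or whether the reporter is consulted first. Suggest "and, if so, provide an estimated timeline for addressing it", plus one sentence stating the disclosure timing. Under "Supported Versions", "Only the latest version of the library is supported" could state whether that means the latest published release or the tip of the default branch, so reporters know which code to test against. Minor wording: "Github" should be "GitHub", "We ask to report" reads better as "Please report", and "After vulnerability was fixed" as "After the vulnerability is fixed and the new version is properly tested".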