diff --git a/README.md b/README.md index 9112464d..0536950d 100644 --- a/README.md +++ b/README.md @@ -125,3 +125,7 @@ Feel free to open issues and pull requests. Any feedback is much appreciated! Most source code in KubeSkoop which running on userspace are licensed under the [Apache License, Version 2.0](LICENSE.md). The BPF code in `/bpf` directory are licensed under the [GPL v2.0](bpf/COPYING) to compat with Linux kernel helper functions. + +## Security + +Please report vulnerabilities by email to [kubernetes-security@service.aliyun.com](kubernetes-security@service.aliyun.com). Also see our [SECURITY.md](SECURITY.md) file for details. diff --git a/README_zh.md b/README_zh.md index 3d9f21ea..0f3f8a5f 100644 --- a/README_zh.md +++ b/README_zh.md @@ -122,5 +122,8 @@ kubectl get svc -n kubeskoop webconsole ## License -Most source code in KubeSkoop which running on userspace are licensed under the [Apache License, Version 2.0](LICENSE.md). -The BPF code in `/bpf` directory are licensed under the [GPL v2.0](bpf/COPYING) to compat with Linux kernel helper functions. +KubeSkoop的多数用户态代码使用[Apache License, Version 2.0](LICENSE.md)。 `/bpf`目录下的BPF代码使用[GPL v2.0](bpf/COPYING)。 + +## 安全 + +如果您发现了代码中的安全漏洞,请联系[kubernetes-security@service.aliyun.com](kubernetes-security@service.aliyun.com)。详见 [SECURITY.md](SECURITY.md) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..01507cd9 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| 1.0.0 | :white_check_mark: | +| < 1.0.0 | :x: | + +## Reporting a Vulnerability + +DO NOT CREATE AN ISSUE to report a security problem. Instead, please send an email to [kubernetes-security@service.aliyun.com](kubernetes-security@service.aliyun.com) + +## Vulnerability Management Plans + +### Critical Updates And Security Notices + +We learn about critical software updates and security threats from these sources + +1. GitHub Security Alerts +2. [Dependabot](https://dependabot.com/) Dependency Updates
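Review bot: In the new `## Security` section of README.md, the link target `(kubernetes-security@service.aliyun.com)` has no `mailto:` scheme, so a Markdown renderer treats it as a relative path inside the repository rather than as an e-mail address. Write it as `[kubernetes-security@service.aliyun.com](mailto:kubernetes-security@service.aliyun.com)`. The same target is used in the README_zh.md and SECURITY.md hunks and needs the same change, since this address is the only private reporting channel the patch introduces.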
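Review bot: In the License hunk of README_zh.md, the translated sentence for the `/bpf` code drops the clause that the English README keeps ("to compat with Linux kernel helper functions"), so the two READMEs no longer say the same thing about why the BPF code is GPL v2.0. Either carry the reason over into the Chinese text or confirm in the commit message that the omission is intended. The added `## 安全` section also ends at `[SECURITY.md](SECURITY.md)` with no closing 。.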
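Review bot: The `## Reporting a Vulnerability` section of SECURITY.md gives only an address; it does not say what a report should contain, when a reporter can expect an acknowledgement, or how the fix and disclosure will be coordinated. Please add those points so that "DO NOT CREATE AN ISSUE" comes with a usable alternative process. In `## Supported Versions`, the table has rows for `1.0.0` and `< 1.0.0` only, which leaves the status of any later release undefined; a row such as `>= 1.0.0` or "latest release" would avoid having to edit the file on every release. Minor: the sentence ending "from these sources" needs a colon before the list, and the reporting sentence needs a full stop after the link.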