diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..92af5e2
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,12 @@
+# Security Policy
+
+## Supported Versions
+
+We release patches for security vulnerabilities, consumers are expected to track the latest version of the library.
+
+## Reporting a Vulnerability
+
+For low risk security vulnerabilities CVSS 3.1 scores of < 5.0, you may log the issue via the GitHub tracker. Otherwise
+and for all other vulnerabilities, please report (suspected) security vulnerabilities to *security@shimmeringbee.io*.
+We are an open source volunteer project, we aim to respond to you within 72 hours.
+If the issue is confirmed, we will release a patch as soon as possible depending on complexity.
\ No newline at end of file