diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 0000000000..9a05610f94
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+We support the newest major version of MongooseIM based on the two latest OTP versions.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.x     | :white_check_mark: |
+| < 5.0   | :x:                |
+
+## Reporting a Vulnerability
+
+To report a vulnerability please contact us at mongoose-im@erlang-solutions.com.
+
+We will try to get back to you as quickly as we can, given that we are a relatively small, open-source team.
+If the vulnerability is confirmed, we will try to patch it as soon as our resources allow.
+
+We do not provide a bug bounty.
+
+We proudly support the [Erlang Ecosystem Foundation](https://erlef.org/), which includes the [Security Working Group](https://erlef.org/wg/security).