diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..562da3e0 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,20 @@ +# Security Policy + +## Reporting a Vulnerability + +First things first: **Do NOT report security vulnerabilities in public issues!** + +Please disclose responsibly by sending +a mail at security@workadventu.re (you can also ping us in the GitHub issues, but please, no details in the issues!) + +We will assess the issue as soon as possible on a best-effort basis and will give you an estimate for when we have a fix +and release available for an eventual public disclosure. + +We do not have a bug bounty program. + +## Supported Versions + +We only apply security patches on the latest tagged release and on the `master` and `develop` branches + +Unless specified otherwise, do not expect us to fix security issues on past releases. We are only maintaining one release: +the latest one, which is online at https://play.workadventu.re.
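Review bot: In "Reporting a Vulnerability", the only response commitment is "as soon as possible on a best-effort basis", with no window for acknowledging receipt, so a reporter who hears nothing cannot tell whether the mail to security@workadventu.re was missed. Consider stating a target time to acknowledge a report and listing what it should contain (affected version or commit, reproduction steps, impact). The parenthetical "you can also ping us in the GitHub issues" comes directly after the instruction not to report in public issues; saying explicitly that such a ping should only ask for contact and carry no technical detail would avoid mixed signals. In "Supported Versions", the first sentence covers the latest tagged release plus `master` and `develop`, while the last says only one release is maintained, "which is online at https://play.workadventu.re"; self-hosters need to know whether the latest tag or the hosted deployment is the reference for patches. Minor wording: "a mail at" should read "an email to", "eventual public disclosure" probably means "a possible public disclosure", and the sentence ending in "`develop` branches" is missing its period.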