diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..7fa2e0d
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,23 @@
+# Security Policy
+
+Find a vulnerability on Bastion? Thanks for considering reporting it!
+
+## Supported Versions
+
+Currently, we support latest minor versions for security updates.
+
+## Reporting a Vulnerability
+
+If you find a vulnerability, please do **NOT** open an issue. You should report to
+[team@bastion.rs](mailto:team@bastion.rs) instead.
+
+We will try to reply to it and prepare a patch as soon as possible.
+
+### Security Point of Contact
+
+The security point of contact is [@vertexclique].
+
+If you have not received a reply to your email within 48 hours,
+please contact them directly.
+
+[@vertexclique]: https://github.com/vertexclique