diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..716cc12899 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,8 @@ +# Reporting security issues + +### Reporting a Vulnerability + +If you have found a vulnerability, please **DO NOT** file a public issue. Please send us your report privately either via: + +- SecureDrop's public bug bounty program managed by [Bugcrowd](https://bugcrowd.com/freedomofpress) +- Email to security@freedom.press (Optionally GPG-encrypted to [734F6E707434ECA6C007E1AE82BD6C9616DABB79](https://securedrop.org/documents/6/fpf-email.asc))
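Review bot: the new SECURITY.md opens with two headings that say nearly the same thing, `# Reporting security issues` followed directly by `### Reporting a Vulnerability`, and the level jumps from h1 to h3. Keep a single heading, or make the second one `##`. In the email bullet, "Optionally" should be lower case inside the parenthesis, and the 40-character fingerprint used as link text is easier to compare by eye against a downloaded key if it is grouped in blocks of four. The file also does not say what a report should contain or when a reporter can expect an acknowledgement; a sentence on each would make the two channels easier to use.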