diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 00000000..fcfac71b
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+If you believe you have identified a security issue with a Pallets
+project, **do not open a public issue**. To responsibly report a
+security issue, please email security@palletsprojects.com. A security
+team member will contact you acknowledging the report and how to
+continue.
+
+Be sure to include as much detail as necessary in your report. As with
+reporting normal issues, a minimal reproducible example will help the
+maintainers address the issue faster. If you are able, you may also
+include a fix for the issue generated with `git format-patch`.
+
+The current and previous release will receive security patches, with
+older versions evaluated based on usage information and severity.
+
+After fixing an issue, we will make a security release along with an
+announcement on our blog. We may obtain a CVE id as well. You may
+include a name and link if you would like to be credited for the report.