diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..69abcf5f
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,15 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.4.x   | :white_check_mark: |
+| < 1.4.0 | :x:                |
+
+## Reporting a Vulnerability
+
+When a vulnerability is found, please *DO NOT* file a public issue.
+Instead, send an email to one of the core [maintainers](MAINTAINERS.md) and
+await acknowledgement. Normally we expect to resolve the issue in 60 days.
+However should there be an exception the team will reach out for next steps.