diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..067b6adaf2
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,20 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you think that you have found a security issue, 
+don’t use the bug tracker and don’t publish it publicly. 
+Instead, all security issues must be reported via a private vulnerability report.
+
+
+## Resolving Process
+Every submitted security issue is handled with top priority by following these steps: 
+
+1. Confirm the vulnerability
+2. Determine the severity
+3. Contact reporter
+4. Work on a patch
+5. Get a CVE identification number (may be done by the reporter or a security service provider)
+6. Patch reviewing 
+7. Tagging a new release for supported versions
+8. Publish security announcement