diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..10a28bb
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+Only the most recent stable (non-pre-release) version is supported with security updates.
+
+## Reporting a Vulnerability
+
+If you discover or suspect you have discovered a vulnerability, please report it to me@charleskorn.com, including [Security] in the subject line. Please include a short description of the issue and steps on how to reproduce it.
+
+The issue will be investigated and fixed privately, then disclosed publicly once a fix is available.
+
+Anyone who reports a vulnerability will be acknowledged in the release notes and security advisory.