diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..1b3a099ff3
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,6 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please go to [Security Advisories](https://github.com/com-pas/compas-open-scd/security/advisories) to privately report a security vulnerability, 
+our contributors will try to respond within a week of your report with a rough plan for a fix and new tests.