diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..81c01543
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+For now `sqlparse` uses very defensive version numbers. There's no major version yet. 
+In turn there's only one supported version and this is the latest.
+
+## Reporting a Vulnerability
+
+To report a vulnerability head over to the [Security Advisories](https://github.com/andialbrecht/sqlparse/security/advisories) 
+page and click on "New draft security advisory".
+
+Feel free to contact me at albrecht.andi@gmail.com if you have any questions or want to discuss things
+beforehand.