diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..285b84b --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,15 @@ +# Security Policy + +## Reporting a Vulnerability + +If you discover a security vulnerability in any OKDP component, please report it responsibly. + +**Do NOT open a public GitHub issue for security vulnerabilities.** + +Instead, please use [GitHub's private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) on the affected repository. + +Alternatively, contact the maintainers directly (see the MAINTAINERS file in the relevant repo). + +## Supported Versions + +Security updates are provided for the latest released version of each OKDP component. \ No newline at end of file
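Review bot: The fallback under "Reporting a Vulnerability" ("contact the maintainers directly (see the MAINTAINERS file in the relevant repo)") does not say which channel to use or that it must be a private one, so a reporter could end up disclosing details in a public place. Suggest naming a specific private contact method there. The primary route also depends on private vulnerability reporting being enabled on each repository this policy covers, since GitHub only offers the report form where the feature is turned on; worth confirming before merging. The section gives no indication of what a report should contain or when the reporter can expect an acknowledgement; one sentence on each would help. Under "Supported Versions", "the latest released version of each OKDP component" leaves open whether older releases receive any fixes, so consider stating that explicitly. The file also ends without a trailing newline.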