diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 00000000..41c18551
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,3 @@
+# Security
+
+If you observe a security vulnerability in AspireUpdate, please responsibly report it by [opening a new security advisory](https://github.com/aspirepress/aspireupdate/security/advisories). We will respond to discuss the issue with you, and we will credit you in the fix we provide. We ask for 30 days to fix any vulnerability before you disclose its existence or details with anyone else.