diff --git a/security.md b/security.md
new file mode 100644
index 0000000000..f1eaf3290c
--- /dev/null
+++ b/security.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Supported Versions
+
+Security fixes are provided in new releases and bugfix releases.
+
+We do not backport security fixes to older releases.
+
+(Yet, Linux distributions might backport security fixes for their packages.)
+
+## Reporting a Vulnerability
+
+Please do not report vulnerabilities via GitHub issues.
+
+If you have discovered a vulnerability, it is the best to notify us about it via
+security@nim-lang.org in order to setup a meeting where we can discuss the next
+steps.