diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..fb948207
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest [release][releases] is supported.
+
+## Reporting a Vulnerability
+
+Vulnerabilities can be send in via [email][email] to avoid publishing in the open.
+Oh My Posh does not have a bountry program, neither do we respond to beg bounties.
+
+For valid security concerns, you can expect a response within 48 hours,
+and credit is given once an acceptable fix is found and published.
+
+[releases]: https://github.com/JanDeDobbeleer/oh-my-posh/releases
+[email]: mailto:security@ohmyposh.dev