diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000000..80d50c9a911
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,7 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+We strongly encourage you to report security vulnerabilities to our private security mailing list: security@cilium.io - first, before disclosing them in any public forums.
+
+This is a private mailing list where only members of the Cilium internal security team are subscribed to, and is treated as top priority.