diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..e817a3db7
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you find a vulnerability in the latest version, please email me directly at hank@henrygd.me, or [submit a private advisory](https://github.com/henrygd/beszel/security/advisories/new).
+
+If you submit an advisory, open an empty issue as well to let me know that you did (or email me), as I'm not sure if I get notifications for that.
+
+If the issue is low severity (use best judgement) you may open an issue for it instead of contacting me directly.