diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..4dfc995c
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,12 @@
+# Security
+
+Per the
+[Linux Foundation Vulnerability Disclosure Policy](https://www.linuxfoundation.org/security),
+if you find a vulnerability in a project maintained by the OpenSSF,
+please report that directly to the project maintaining that code.
+
+If you've been unable to find a way to report it,
+or have received no response after repeated attempts, please contact the
+OpenSSF security contact email, security @ openssf . org.
+
+Thank you.