diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..a4f8ed4bd7
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,10 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+We strongly encourage you to report security vulnerabilities to
+our private security mailing list: security@cilium.io - first, before
+disclosing them in any public forums.
+
+This is a private mailing list where only members of the Cilium internal
+security team are subscribed to, and is treated as top priority.