diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..a627e5f8e --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,9 @@ +# Security Policy + +Bandit is a tool designed to find security issues, so every effort is made that Bandit itself is also +free of those issues. However, if you believe you have found a security vulnerability in this repository +please open it privately via the [Report a security vulnerability](https://github.com/PyCQA/bandit/security/advisories/new) link in the Issues tab. + +**Please do not report security vulnerabilities through public issues, discussions, or pull requests.** + +Please also inform the [Tidelift security](https://tidelift.com/security). Tidelift will help coordinate the fix and disclosure.
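Review bot: The reporting instructions in the new SECURITY.md point readers to the wrong place: the link target is `https://github.com/PyCQA/bandit/security/advisories/new`, which is the repository's Security-tab advisory form, so "in the Issues tab" will send reporters looking in the one place the next paragraph tells them not to use. Suggest "via the [Report a security vulnerability](...) link in the Security tab". Two wording fixes in the same hunk: "every effort is made that Bandit itself is also free of those issues" reads better as "every effort is made to ensure that Bandit itself is free of such issues", and "please also inform the [Tidelift security]" needs a noun, e.g. "the [Tidelift security](https://tidelift.com/security) team". Finally, the policy says nothing about which versions receive security fixes or what response time a reporter can expect; a short "Supported Versions" line and an acknowledgement window would make the file more useful to reporters and is what the standard SECURITY.md layout provides.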