diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..7c76e9963c
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,5 @@
+# Security Policy and reporting a Vulnerability
+
+stellar-core falls under the Stellar Foundation's bug bounty program.
+
+To report a security problem and review the details of the program, see the [Stellar bug bounty program](https://www.stellar.org/bug-bounty-program/).