diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..7437c2d9b --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,17 @@ +# Security Policy + +## Reporting a Vulnerability +If you discover a security vulnerability within Timber, please submit your report via the link below. Please be mindful of the fact that the maintainers are working on Timber in their free time, so the initial response can take some time. + +### Disclosure Policy +Please do not discuss any vulnerabilities (even resolved ones) without express consent. + +### Submit your report +When you've found a security issue that abides by the rules and scope of this project, please submit the report to us via [Github](https://github.com/timber/timber/security/advisories/new). In your report, make sure to include a detailed guide on how to reproduce the issue. + +### After your submission +We will make a best effort to meet the following response targets for security reports: + +- Time to first response (from report submit) - 5 business days +- Time to triage (from report submit) - 10 business days +- Time to fix (from triage) - 15 business days
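Review bot: "Submit your report" tells reporters to check that the issue "abides by the rules and scope of this project", but the new file defines no rules or scope anywhere, so a reporter cannot tell which versions, components or issue classes are in scope (the hunk also lacks the "Supported Versions" section that GitHub's SECURITY.md template expects). Suggest adding a short section before "Submit your report" that lists the supported release lines and the kinds of reports that are in and out of scope, e.g.

## Supported Versions
(table of release lines that receive security fixes)

Two smaller points in the same hunk: the "Disclosure Policy" paragraph asks reporters never to discuss vulnerabilities, even resolved ones, without consent, but says nothing about when the maintainers will publish an advisory or credit the reporter; adding one sentence on post-fix disclosure (for example, that a GitHub security advisory is published once the fix is released) would make the policy read as coordinated disclosure rather than an open-ended gag. And the link text "Github" should be spelled "GitHub".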