diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..6346a7a3d7 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,33 @@ +# Security Policy + +## Supported Versions + +Please see [Releases](https://github.com/nimiq/core-rs-albatross/releases). We recommend using the [most recently released version](https://github.com/nimiq/core-rs-albatross/releases/latest). + + +## Security Announcements + +Public announcements of new releases with security fixes and of disclosure of any vulnerabilities will be made in the Nimiq Forum's [Security Announcements](https://forum.nimiq.community/) channel. + + +## Reporting a Vulnerability + +We’re extremely grateful for security researchers and users that report vulnerabilities to the Nimiq community. All reports are thoroughly investigated. + +**Please do not file a public ticket** mentioning any vulnerability. + +The Nimiq community asks that all suspected vulnerabilities be privately and responsibly disclosed. + +To report a vulnerability, the preferential method is through [Nimiq on HackerOne](https://hackerone.com/nimiq). + +Alternatively, you can also email the [security@nimiq.com](mailto:security@nimiq.com) list with the details of reproducing the vulnerability as well as the usual details expected for all bug reports. + +While the primary focus of this disclosure program is the Albatross protocol, the Nimiq wallet and Keyguard, the team may be able to assist in coordinating a response to a vulnerability in the third-party apps or tools in the Nimiq ecosystem. + +You may encrypt your email to this list using this GPG key (but encryption using GPG is NOT required to make a disclosure): + +``` +-----BEGIN PGP PUBLIC KEY BLOCK----- +TODO +-----END PGP PUBLIC KEY BLOCK----- +``` \ No newline at end of file
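Review bot: The PGP public key block at the end of the new SECURITY.md contains only `TODO`, so the sentence "You may encrypt your email to this list using this GPG key" points reporters at a key that is not there. Either commit the real ASCII-armored key, with its fingerprint stated next to it so reporters can verify it out of band, or drop that paragraph and the fenced block until the key is ready. Two smaller points in the same hunk: the "Security Announcements" link targets the forum root `https://forum.nimiq.community/` rather than the channel it names, and the file ends without a trailing newline.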