diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..f598eeb
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+# Security policy
+
+Even though this project is focused on security, it is still prone to possible vulnerabilities. We consider every security bug as a serious issue and will try our best to address it.
+
+## Responsible disclosure
+
+If you have found a security bug, please send us an email at security \[@\] bunkerity.com with technical details so we can resolve it as soon as possible.
+
+Here is a non-exhaustive list of issues we consider as high risk :
+- Vulnerability in the core
+- Bypass of a security feature
+- Vulnerability in a third-party dependency
+- Risk in the supply chain
+
+## Bounty
+
+To encourage responsible disclosure, we may reward you with a bounty at the sole discretion of the maintainers.