diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..6a1c6b2e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,20 @@
+# Security Policy
+
+## Supported Versions
+
+We will support the latest release and main development branch with security updates.
+
+## Reporting a Vulnerability
+
+If you believe to have found a vulnerability in `librespot` itself or as a result from
+one of its dependencies, please report it by contacting one or more of the active
+maintainers directly, allowing no less than three calendar days to receive a response.
+
+If you believe that the vulnerability is public knowledge or already being exploited
+in the wild, regardless of having received a response to your direct messages or not,
+please create an issue report to warn other users about continued use and instruct
+them on any known workarounds.
+
+On your report you may expect feedback on whether we believe that the vulnerability
+is indeed applicable and if so, when and how it may be fixed. You may expect to
+be asked for assistance with review and testing.