diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..5d0ee39e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,8 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you've found a vulnerability AND you have a proof of exploitation (either theoretical or practical) you can contact https://uav4geo.com/contact to report it.
+
+Please DO NOT contact us if one of our dependencies has a newly reported CVE! Having a CVE does not always mean a vulnerability is exploitable. Only contact us if you have a proof of exploitation in WebODM!
+