diff --git a/README.md b/README.md
index 1df06b59f0..1156ba51a7 100644
--- a/README.md
+++ b/README.md
@@ -31,6 +31,10 @@ Funders have included DARPA, NSF, DOD, DOE, LC, NARA, NASA, NOAA, USPTO, and LLN
 
 iRODS is released under a 3-clause BSD License.
 
+## Reporting Security Vulnerabilities
+
+See [SECURITY.md](SECURITY.md) for details.
+
 ## Links to elsewhere...
 
  - [https://github.com/irods](https://github.com/irods)
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..cca8251d49
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,5 @@
+# Reporting Security Vulnerabilities
+
+The iRODS Consortium takes security very seriously. If you feel you've discovered a vulnerability, please send an email to [security@irods.org](mailto:security@irods.org).
+
+The iRODS Consortium and the community greatly appreciate you taking the time to submit your findings.