diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..5cfb9ea2ea
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported versions
+
+Phoenix applies bug fixes only to the latest minor branch. Security patches are
+available for the last 4 minor branches:
+
+Elixir version | Support
+:------------- | :-----------------------------
+1.7            | Bug fixes and security patches
+1.6            | Security patches only
+1.5            | Security patches only
+1.4            | Security patches only
+
+## Announcements
+
+[Security advisories will be published on GitHub](https://github.com/phoenixframework/phoenix/security).
+
+## Reporting a vulnerability
+
+[Please disclose security vulnerabilities privately via GitHub](https://github.com/phoenixframework/phoenix/security).