diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..515bc1aa
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,4 @@
+# Reporting a security vulnerability
+
+To report a security issue, please email `sidebase@sidestream.tech` with a description of the issue, the steps you took to create the
+issue, affected versions, and if known, mitigations for the issue. Our vulnerability management team will acknowledge receiving your email within 3 working days. This project follows a 90 day disclosure timeline.