diff --git a/README.md b/README.md
index 0f370bd..52451f1 100644
--- a/README.md
+++ b/README.md
@@ -381,13 +381,7 @@ calls `callback(err, result)` when the verification result is available.
 
 ## Security
 
-The security guarantees of the algorithm implementations provided by this
-library do not exceed the security guarantees made by the PQClean project as
-defined in [PQClean/SECURITY.md][]. To report a potential vulnerability in such
-an implementation, please report it to the [PQClean][] project.
-
-To report security issues that are specific to the Node.js or web ports of
-PQClean (i.e., this project), please open an issue in this repository.
+See [SECURITY.md](SECURITY.md).
 
 ## License
 
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..5289a38
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,10 @@
+## Security
+
+The security guarantees of the algorithm implementations provided by this
+library do not exceed the security guarantees made by the PQClean project as
+defined in [PQClean/SECURITY.md][]. To report a potential vulnerability in such
+an implementation, please report it to the [PQClean][] project.
+
+To report security issues that are specific to the Node.js or web ports of
+PQClean (i.e., this project), please open an issue in this repository or contact
+the author by email.