diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..65b40899
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,11 @@
+# Reporting Security Issues
+
+To report a security issue, please email
+[oss-security@googlegroups.com](mailto:oss-security@googlegroups.com)
+with a description of the issue, the steps you took to create the issue,
+affected versions, and, if known, mitigations for the issue.
+
+Our vulnerability management team will respond within 3 working days of your
+email. If the issue is confirmed as a vulnerability, we will open a
+Security Advisory and acknowledge your contributions as part of it. This project
+follows a 90 day disclosure timeline.