diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..9846a94f7e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,10 @@
+# Reporting security issues
+
+The Gitea maintainers take security seriously.  
+If you discover a security issue, please bring it to their attention right away!
+
+### Reporting a Vulnerability
+
+Please **DO NOT** file a public issue, instead send your report privately to `security@gitea.io`.
+
+Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it.