diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000000..29d182f96a9
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,29 @@
+# Security Policy
+
+The Trixi.jl development team takes security issues seriously. We appreciate
+all efforts to responsibly disclose any security issues and will make every
+effort to acknowledge contributions.
+
+
+## Supported Versions
+
+The current stable release versions following SemVer are supported with
+security updates.
+
+
+## Reporting a Vulnerability
+
+To report a security issue, please use the GitHub Security Advisory 
+["Report a Vulnerability"](https://github.com/trixi-framework/Trixi.jl/security/advisories/new)
+tab.
+
+We will send a response indicating the next steps in handling your report.
+After the initial reply to your report, we will keep you informed of the
+progress towards a fix and full announcement, and may ask for additional
+information or guidance.
+
+Report security bugs in third-party modules to the person or team maintaining
+the module.
+
+Public notifications of vulnerabilities will be shared in community channels 
+such as Slack.