diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..4094801
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,16 @@
+# Reporting a Vulnerability
+At Stream we are committed to the security of our Software. We appreciate your efforts in disclosing vulnerabilities responsibly and we will make every effort to acknowledge your contributions.
+
+Report security vulnerabilities at the following email address:
+```
+[security@getstream.io](mailto:security@getstream.io)
+```
+Alternatively it is also possible to open a new issue in the affected repository, tagging it with the `security` tag.
+
+A team member will acknowledge the vulnerability and will follow-up with more detailed information. A representative of the security team will be in touch if more information is needed.
+
+# Information to include in a report
+While we appreciate any information that you are willing to provide, please make sure to include the following:
+* Which repository is affected
+* Which branch, if relevant
+* Be as descriptive as possible, the team will replicate the vulnerability before working on a fix.