diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..9cb7d30
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,12 @@
+# Reporting Security Issues
+
+## Security Bug Bounty Program
+
+The [Matomo Security Bug Bounty Program on HackerOne](https://hackerone.com/matomo/) is designed to encourage security research in Matomo software and to reward those who help us create the safest web analytics platform. 
+
+## Responsible disclosure by email
+
+We encourage you to responsibly report issues via our [Matomo Bug Bounty Program on HackerOne](https://hackerone.com/matomo) or you can also 
+[email us at security@matomo.org](mailto:security@matomo.org?subject=Reporting%20Vulnerability%20in%20Matomo).
+
+If you have found a security issue in Matomo please read [our security notes](https://matomo.org/security/) regarding responsible disclosures.