diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..baf4468db6
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,18 @@
+## Reporting Vulneratibilities
+
+If you think you have found an Mbed TLS security vulnerability, then please
+send an email to the security team at
+<mbed-tls-security@lists.trustedfirmware.org>.
+
+## Security Incident Handling Process
+
+Our security process is detailled in our [security
+center](https://developer.trustedfirmware.org/w/mbed-tls/security-center/).
+
+Its primary goal is to ensure fixes are ready to be deployed when the issue
+goes public.
+
+## Maintained branches
+
+Only the maintained branches, as listed in BRANCHES.md, get security fixes.
+Users are urged to always use the latest version of a maintained branch.