diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..595ca02711 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,18 @@ +# Security Policy + +## Supported Versions + +OBiBa follows [semantic versioning](https://semver.org/) recommendations. + +We use various code scanning services to automatically detect any new vulnerabilities. + +Due to limited maintenance resources, only the branch of the latest release is updated with patch fixes as soon as a vulnerability is discovered. If a vulnerability is design-related a minor version will be prepared instead. + +Note that we provide limited free support to previous branches: we always make sure that new releases are backward compatible, then the recommendation is to always use the latest version. In case an upgrade to latest major/minor version is not possible, we can set up a commercial agreement to backport corrections to previous branches. + +## Reporting a Vulnerability + +You can report a vulnerability by: + +* Using the `Report a vulneralibity` service of GitHub from the repository page, `Security` section. +* By sending an email at dev@obiba.org.
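Review bot: The "Reporting a Vulnerability" list has a typo in the GitHub feature name (`Report a vulneralibity` should read `Report a vulnerability`) and the two bullets are not parallel after "You can report a vulnerability by:" (the first starts with "Using", the second with "By sending"); also "an email at dev@obiba.org" should be "an email to dev@obiba.org". Suggested wording for the two bullets: "* Using the `Report a vulnerability` service of GitHub from the repository page, `Security` section." and "* Sending an email to dev@obiba.org." Beyond wording, the policy tells a reporter where to send a report but not what to expect afterwards: there is no acknowledgement or response timeframe and no statement on coordinated disclosure (when, and whether, the reporter may publish). Adding a short sentence on both would make the policy actionable, since a reporter who hears nothing back has no way to tell a lost email from a report under triage. Finally, the "Supported Versions" section says only the latest release branch receives patch fixes but names no concrete version or branch, so a reader cannot tell from this file alone whether the version they run is supported; consider pointing to where the current release is published.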