diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..6d7e18941 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,16 @@ +# Security Policy + +Compiler Explorer allows remote users to compile and, if configured, execute +code. We take security seriously, and encourage users to promptly report +security vulnerabilities they find. + +## Reporting a Vulnerability + +If the issue can be reported without revealing exploitable specifics, please +file [an issue](https://github.com/compiler-explorer/compiler-explorer/issues/new/choose) as a bug. + +Please email matt@godbolt.org with specifics, or if the bug can't be reported publically +without leaving an obvious exploit in the public eye. + +We expect to get back within a day or two. If you don't hear from us, please do ping us again, +or reach out to us on the [Discord](https://discord.gg/wFXUwDp).
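Review bot: In the "Reporting a Vulnerability" section, the sentence "Please email matt@godbolt.org with specifics, or if the bug can't be reported publically without leaving an obvious exploit in the public eye" is ambiguous about when to use email versus the issue tracker, and it comes after the paragraph that sends reporters to a public issue. A reporter skimming the file may open a public issue first. Consider putting the private channel first and stating the rule directly, for example "If the report includes exploitable specifics, email matt@godbolt.org instead of filing a public issue", and then offering the issue tracker only for reports that reveal nothing exploitable. "publically" should be "publicly", and "We expect to get back within a day or two" reads better as "We expect to get back to you within a day or two". The fallback in the last paragraph is the Discord link, which points reporters at a chat channel for a report they were asked to keep private; it would help to say that the ping there should only ask for a response and not include details. The email address is also the only private channel listed, so a single mailbox is the sole path for sensitive reports; if a second contact or an encrypted option exists, this file is the place to list it.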