diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..732bb449 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,47 @@ +# Security policy + +SolidOS takes the security of our repositories seriously. This includes all source code repositories managed through our [GitHub organization](https://github.com/solidos). That said, members contribute on a volunteer basis, and the skills we have at hand fluctuate with each member. + +If you believe you have found a security vulnerability in any SolidOS repository, please report it to us as described below. + +## About this repository + +These repositories contribute to the frontend you see on each solidcommunity.net Pod. The repositories have different purposes and offer different features. + +- [**solid-logic**](https://github.com/solidos/solid-logic) — core business logic of SolidOS +- [**mashlib**](https://github.com/solidos/mashlib/) — a Solid-compatible code library of application-level functionality for the world of Solid +- [**solid-panes**](https://github.com/solidos/solid-panes) — a set of core Solid-compatible panes based on [solid-ui](https://github.com/solidos/solid-ui) +- [**solid-ui**](https://github.com/solidos/solid-ui) — User Interface widgets and utilities for Solid providing building blocks for Solid-based apps + +## Reporting a vulnerability + +Please report any security vulnerabilities through the public GitHub issues of the repository where you find the vulnerability. If a vulnerability spans multiple repos, please report it on [the SolidOS repo](https://github.com/SolidOS/solidos/issues/new) itself. + +Please include the following in your vulnerability report: + +* **Impact** +_What kind of vulnerability is it? Who is impacted?_ + +* **Patches** +_Has the problem been patched? 
What versions should users upgrade to?_ + +* **Workarounds** +_Is there a way for users to fix or remediate the vulnerability without upgrading?_ + +* **References** +_Are there any links users can visit to find out more?_ + +* **Proposed solution** +_Any suggested fix in the form of text or a PR is more than welcome_ + +As a volunteer-based organization, we especially appreciate any PR which helps fix any vulnerability. + +## Preferred Languages + +We prefer all communications to be in English. + +## Hall of Fame + +Thank you to the following people for reporting vulnerabilities. + + * Otto-AA
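Review bot: In the "Reporting a vulnerability" section, asking reporters to file through public GitHub issues publishes unpatched vulnerabilities to everyone before maintainers have had a chance to respond, which undercuts the "Has the problem been patched?" and "Workarounds" items in the same template. Consider offering a private channel for the initial report (GitHub's private vulnerability reporting / security advisories, or a security contact address) and reserving public issues for the post-fix disclosure. The policy also lacks an expected acknowledgement window and a statement of which versions receive fixes; a "Supported versions" line and an "we aim to acknowledge reports within N days" sentence would make the volunteer-capacity caveat in the intro concrete for reporters.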