diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 0000000000..dfc36ffdee
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+
+We will endeavour to support:
+* the most recent minor release with bug fixes
+* the latest minor release from the last major version
+  for 6 months after a new major version is released with critical bug fixes
+* all versions if a security vulnerability is found provided 1) upgrading to a later version is non-trivial 2)
+  sufficient people are using that version to make support worthwhile
+
+## Reporting a Vulnerability
+
+If you find what you think might be a security vulnerability with pydantic,
+please do not create an issue on github. Instead please email s@muelcolvin.com
+I'll reply to your email prompted and try to get a patch out ASAP.
diff --git a/README.md b/README.md
index 23bf422838..2f09375c97 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ See [documentation](https://pydantic-docs.helpmanual.io/) for more details.
 ## Installation
 
 Install using `pip install -U pydantic` or `conda install pydantic -c conda-forge`.
-For more installation options to make *pydantic* even faster, 
+For more installation options to make *pydantic* even faster,
 see the [Install](https://pydantic-docs.helpmanual.io/install/) section in the documentation.
 
 ## A Simple Example
@@ -47,5 +47,9 @@ print(user.id)
 ## Contributing
 
 For guidance on setting up a development environment and how to make a
-contribution to *pydantic*, see 
+contribution to *pydantic*, see
 [Contributing to Pydantic](https://pydantic-docs.helpmanual.io/contributing/).
+
+## Reporting a Security Vulnerability
+
+See our [security policy](https://github.com/samuelcolvin/pydantic/security/policy).
diff --git a/docs/contributing.md b/docs/contributing.md
index d608a0a94b..c154c28510 100644
--- a/docs/contributing.md
+++ b/docs/contributing.md
@@ -2,7 +2,8 @@ We'd love you to contribute to *pydantic*!
 
 ## Issues
 
-Questions, feature requests and bug reports are all welcome as issues.
+Questions, feature requests and bug reports are all welcome as issues. **However, to report a security
+vulnerability, please see our [security policy](https://github.com/samuelcolvin/pydantic/security/policy).**
 
 To make it as simple as possible for us to help you, please include the output of the following call in your issue: