diff --git a/README.md b/README.md
index 8b20639..d011257 100644
--- a/README.md
+++ b/README.md
@@ -161,9 +161,17 @@ are still missing or experimental
 ## Contributing
 
 I'd be very happy to get contributions! Although the master repository is on
-my self hosted git server, you're free to create issues, PRs and so on on
-GitHub. If enough activity comes around, moving to GitHub Codeberg might be a 
+my self hosted git server, you're free to create issues, PRs and so on
+GitHub. If enough activity comes around, moving to GitHub Codeberg might be a
 good idea.
 
 If you have any questions, use issues and discussions tabs or write me an email
 to [software@cscherr.de](mailto:software@cscherr.de)
+
+## Security
+
+If you find a security issue with this repository, it would be best if you sent
+me a mail to [software@cscherr.de](mailto:software@cscherr.de) or reported it on
+GitHub.
+
+See [`SECURITY`](SECURITY.md).
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..9246822
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest release is currently supported.
+
+## Reporting a Vulnerability
+
+It would be best if you reported any found security vulnerabilities on the GitHub mirror. 
+
+If you want to send something encrypted, use [this](https://static.cscherr.de/keys/software@cscherr.de.asc) key.
+You can always reach me on [software@cscherr.de](mailto:software@cscherr.de), but sadly, I'm struggeling with PGP
+encryption in my mail client. I use protonmail to host my EMail services, so if you send me something from protonmail,
+it will be end to end encrypted.