diff --git a/README.md b/README.md
index 8b20639..9a778c9 100644
--- a/README.md
+++ b/README.md
@@ -162,8 +162,16 @@ are still missing or experimental
 
 I'd be very happy to get contributions! Although the master repository is on
 my self hosted git server, you're free to create issues, PRs and so on on
-GitHub. If enough activity comes around, moving to GitHub Codeberg might be a 
+GitHub. If enough activity comes around, moving to GitHub Codeberg might be a
 good idea.
 
 If you have any questions, use issues and discussions tabs or write me an email
 to [software@cscherr.de](mailto:software@cscherr.de)
+
+## Security
+
+If you find a security issue with this repository, it would be best if you sent
+me a mail to [software@cscherr.de](mailto:software@cscherr.de) or reported it on
+GitHub.
+
+See [`SECURITY`](SECURITY.md).
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..9246822
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest release is currently supported.
+
+## Reporting a Vulnerability
+
+It would be best if you reported any found security vulnerabilities on the GitHub mirror. 
+
+If you want to send something encrypted, use [this](https://static.cscherr.de/keys/software@cscherr.de.asc) key.
+You can always reach me on [software@cscherr.de](mailto:software@cscherr.de), but sadly, I'm struggeling with PGP
+encryption in my mail client. I use protonmail to host my EMail services, so if you send me something from protonmail,
+it will be end to end encrypted.