diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..871c06a503
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,10 @@
+# Security Policy
+
+See [docs/SECURITY-PROCESS.md](docs/SECURITY-PROCESS.md) for full details.
+
+## Reporting a Vulnerability
+
+If you have found or just suspect a security problem somewhere in curl or libcurl,
+report it on [https://hackerone.com/curl](https://hackerone.com/curl).
+
+We treat security issuse with confidentiality until disclosed controlled and responsibly.