diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..2a8ddcbcd
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Versions
+
+Generally updating to the latest stable version will have all security issues addressed.
+- Security patches are applied up to the **current minor version**.
+- Earlier versions are not supported by default, but we will examine them on a case-by-case basis.
+
+| Version | Addressed issues                                                                                                 | Fix                                                 |
+|---------|------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------|
+| 1.20.0  | [CWE-611](https://cwe.mitre.org/data/definitions/611.html) Improper Restriction of XML External Entity Reference | [#4499](https://github.com/detekt/detekt/pull/4499) |
+
+## Reporting a Vulnerability
+
+Please report vulnerability to security@detekt.dev. 
+We commit to respond within 2 weeks. You may also find us in the [#detekt](https://kotlinlang.slack.com/archives/C88E12QH4) channel of [kotlinlang Slack](https://kotlinlang.slack.com/).
+If you have already reported on vulnerability disclosure platform, please include its link in the report.