diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..79ecc6b9c
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Mirror & Mirror LTS are both supported for security fixes.
+
+## Reporting a Vulnerability
+Please contact security [at] mirror-networking.com to report a vulnerability.
+You can also contact us in [our Discord](https://discord.gg/N9QVxbM) for faster replies.
+
+You can expect a reply within 24-48 hours.
+We will keep you updated on our steps to mitigate issues every 2-4 weeks.
+
+Depending on the severity of the exploit, we offer a $50 - $500 bug bounty.
+
+**Specifically we are looking for:**
+* Ways to crash a Mirror server.
+* Ways to exploit a Mirror server.
+* Ways to leave a Mirror server in undefined state.
+
+We are **not** looking for DOS/DDOS attacks, as those are expected to be handled by the hosting infrastructure.