diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000000..004937f6c26
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+If you believe you've found an exploitable security issue in Swagger UI,
+**please don't create a public issue**. 
+
+
+## Supported versions
+
+This is the list of versions of `swagger-ui` which are
+currently being supported with security updates.
+
+| Version  | Supported          | Notes                  |
+| -------- | ------------------ | ---------------------- |
+| 3.x      | :white_check_mark: |                        |
+| 2.x      | :x:                | End-of-life as of 2017 |
+
+## Reporting a vulnerability
+
+To report a vulnerability please send an email with the details to [security@swagger.io](mailto:security@swagger.io).
+
+We'll acknowledge receipt of your report ASAP, and set expectations on how we plan to handle it.