diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..296cbd8 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,10 @@ + +## Reporting a Vulnerability + +If you think you have found a vulnerability, _please report responsibly_. +Don't create GitHub issues for security issues. +Instead, send an email to cedric dot ronvel at gmail dot com and I will look into it as soon as possible. + +**A note for bounty hunters:** I should mention that I *usually* prefer to fix security issues by myself, +because it could involve rethinking API or fixing it / working around it in a way only an official maintainer can do it. +I want to avoid people getting frustrated: **don't work on a fix before getting in touch with me**.
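Review bot: The reporting paragraph gives only an obfuscated personal address ("cedric dot ronvel at gmail dot com") and the promise "as soon as possible", so a reporter cannot tell what to include, which versions are covered, or when to expect an acknowledgement. Consider stating what a report should contain (affected version, reproduction steps, impact), giving a concrete acknowledgement window, and saying whether a private or encrypted channel is available as an alternative to plain email. The file also opens with a blank line followed by a second-level heading, "## Reporting a Vulnerability", with no top-level title; adding a first-level heading and dropping the leading blank line would make the file read cleanly. In the bounty-hunter note, "don't work on a fix before getting in touch with me" would be clearer if it also said whether a report submitted without a fix is still welcome and credited.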