diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..cdcc59188c
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+This document outlines our security policy for the codebase, and how to report vulnerability.
+
+## Versions
+
+| Version     | Branch                   | Supported          | Website active   |
+| ----------- | ------------------------ | ------------------ | ---------------- |
+| production  | `production-legacy-2018` | :white_check_mark: | freecodecamp.org |
+| beta        | `master`                 |                    |                  |
+| development | `master`                 |                    |                  |
+
+## Reporting a Vulnerability
+
+Security issues should be emailed to security@freecodecamp.org, please do not create a public GitHub issue.
+
+Ensure that you are using the **latest**, **stable** and **updated** version of the Operating System and Web Browser available to you on your machine.