diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..e36430e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+# pygeoapi Security Policy
+
+## Supported Versions
+
+Security/vulnerability reports **should not** be submitted through GitHub issues or public discussions, but instead please send your report 
+to **geopython-security nospam @ lists.osgeo.org** (remove the blanks and 'nospam').  
+
+Please follow the [contributor guidelines](https://github.com/geopython/pygeoapi/blob/master/CONTRIBUTING.md) when submitting a vulnerability report.
+
+## Supported Versions
+
+The pygeoapi Project Steering Committee (PSC) will release patches for security vulnerabilities for the following versions:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.10.x  | :white_check_mark: |
+| < 0.10  | :x:                |