diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 000000000..7498c010d --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,9 @@ +# Security Policy + +If you're looking to report a security vulnerability, please go to the GitHub [Security](https://github.com/madsmtm/objc2/security) tab, and click on the "Report a vulnerability" button. + +Unsoundness issues should be limited to that which is actually exploitable; theoretical soundness issues should be reported by [opening a new issue](https://github.com/madsmtm/objc2/issues/new), and is tracked with the label [I-unsound](https://github.com/madsmtm/objc2/labels/I-unsound). + +Security issues inherent to Apple's frameworks should be reported to [Apple Security Research](https://security.apple.com/). + +Note that I'm working on `objc2` in my free time, and am often without internet access. Security vulnerabilities will be highly prioritized, but expect delays for up to a week.
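Review bot: The second paragraph of the new SECURITY.md does not say which channel to use when a reporter cannot tell whether an unsoundness issue is "actually exploitable", and filing a public issue for something that turns out to be exploitable discloses it before a fix exists. Consider stating that reports of uncertain exploitability should go through the private "Report a vulnerability" button first, and can be reopened as a public I-unsound issue once triaged. The same sentence has a subject-verb mismatch ("theoretical soundness issues should be reported ... and is tracked"); "and are tracked" reads correctly. In the last paragraph, "expect delays for up to a week" would be more useful if it also said what a reporter should do when no reply arrives within that week.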