diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index d6e6a7a2..a38617c4 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -16,5 +16,6 @@ CONTRIBUTING.md @ItsDrike ATTRIBUTION.md @ItsDrike LICENSE.txt @ItsDrike LICENSE-THIRD-PARTY.txt @ItsDrike +SECURITY.md @ItsDrike tests/README.md @ItsDrike changes/README.md @ItsDrike diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..7f524663 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,19 @@ +# Security Policy + +## Reporting Security Vulnerabilities + +**We urge you not to file a bug report in the GitHub issue tracker, since they are open for anyone to see** + +Instead, we encourage you to reach out to the maintainer team so we can assess the problem and later disclose it +responsibly. + +To do so, you can use the `Security` tab and file a bug report there +![image](https://user-images.githubusercontent.com/20902250/209860003-573a5219-5e71-4f27-91ec-7ad6c0516749.png) + +Alternatively, you can also reach out to the maintainer team directly. If you prefer this approach, you can contact one +of the people below: + +- **ItsDrike** (project maintainer and owner) + - **Email:** `itsdrike@protonmail.com` + - **Discord:** `ItsDrike#5359` (however you will need to join the [py-mine discord](https://discord.gg/C2wX7zduxC) too, + as I might not answer to message requests from people I don't share a server with.) diff --git a/changes/13.internal.md b/changes/13.internal.md new file mode 100644 index 00000000..f8e1df10 --- /dev/null +++ b/changes/13.internal.md @@ -0,0 +1 @@ +Add a security policy.
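Review bot: In the new SECURITY.md, the direct-contact paragraph says "you can contact one of the people below" but the list has only ItsDrike, so the email and Discord route depends on a single person being reachable. Either list a second maintainer or reword it to "the maintainer below". The policy also does not say what a report should include or how soon a reporter can expect an acknowledgement; a short sentence for each would make the process clearer. Smaller points in the same hunk: in the bolded warning, "they" has no plural antecedent ("the GitHub issue tracker") and the sentence lacks a closing period; the Discord note switches to first person ("as I might not answer") in a document otherwise written as "we"; and the screenshot's alt text is just `image`, where a description of what the screenshot shows would serve readers who cannot load it.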