diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..3e27ce459 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,45 @@ +# Security Policy + +## Supported Versions + +The following versions of open62541 are monitored for vulnerabilities and are part of our vulnerability handling and release process. + +| Version | Community Support | Commercial Support Available | +| --------- | ------------------- | ---------------------------- | +| master | :heavy_check_mark: | :heavy_check_mark: | +| v1.4.x | :heavy_check_mark: | :heavy_check_mark: | +| v1.3.x | :last_quarter_moon: | :heavy_check_mark: | +| <= v1.2.x | :last_quarter_moon: | :heavy_check_mark: | +| <= v1.0.x | :x: | :last_quarter_moon: | + +## Reporting a Vulnerability + +Security vulnerabilities can be disclosed privately to the mailing list open62541-security@googlegroups.com. + +The disclosure triggers an evaluation of the vulnerability. +Depending on the criticality, the follow-up comprises of the following steps: + +- Responsible disclosure of the vulnerability to critical professional users (with an embargo period) +- Commit of the fix to the public repository +- Backporting of the fix to past release families +- Preparation of patch releases +- Public disclosure of the vulnerability + +You can send us encrypted email with PGP using this public key: + +``` +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEZyvNHBYJKwYBBAHaRw8BAQdAVVciLHk9qEu38ZmqGfUuB9SD7lvw6Z8lTm6G +H2zqh4O0NG9wZW42MjU0MSBUZWFtIDxvcGVuNjI1NDEtc2VjdXJpdHlAZ29vZ2xl +Z3JvdXBzLmNvbT6ImQQTFgoAQRYhBMlp8zR7pjG9VoaVFK5VKNbXA7F8BQJnK80c +AhsDBQkFoxmUBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEK5VKNbXA7F8 +vLcBAIC7/R5gZrqXm+js+tQrMgua/7Rr8h2CGC8GVogwLmYBAQDF9XzoZMBPQu5j +Vtudpc3lzQy4g8qzIvtwTaQe4KOhCLg4BGcrzRwSCisGAQQBl1UBBQEBB0Acmd51 +rRZ3697if50xOUeu2tdHjOWMn+P3Ga5/2ZIGKwMBCAeIfgQYFgoAJhYhBMlp8zR7 +pjG9VoaVFK5VKNbXA7F8BQJnK80cAhsMBQkFoxmUAAoJEK5VKNbXA7F8y4UA/RSe +NKKvTqtDayyNn6kRKLnuBAPlXTjvpMARcSMFe9APAQCdu22yS4KB3cGBHoXMSTwO +tfp1v8HATMXKB65FmujmBg== +=Juz6 +-----END PGP PUBLIC KEY BLOCK----- +```
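Review bot: the support-status icons in the Supported Versions table are never defined, so a reader cannot tell what `:last_quarter_moon:` means for `v1.3.x` and `<= v1.2.x` (security fixes only? best effort? no new backports?); add a one-line legend under the table. In the Reporting a Vulnerability section, two things a reporter needs are missing: an expected acknowledgement and fix timeline (reporters use it to decide when their own disclosure clock runs out), and the fingerprint of the published PGP key in plain text beside the key block, so that a reporter can check the key out of band instead of trusting whatever block is in the repository at that moment. Minor wording: `comprises of the following steps` should read `comprises the following steps`.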