diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..d9ce5dd85
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,4 @@
+# Security Policy
+
+The SPDK community has a documented CVE process [here](https://spdk.io/cve_threat/) that describes
+both how to report a potential security issue as well as who to contact for more information.