diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000000..9e9553cbd4 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,25 @@ +# Security Policy + +## Supported Versions + +Rucio follows a release policy, based on [semantic versioning](https://semver.org), +with **major** (named) releases. Approximately every 4 months we produce a major +release with a version number like **x.0.0** (with x > 0). This release line is +maintained with minor/patch releases published every two weeks. + +Typically once a year we will designate a release line a **Long-term Support** (LTS) +release line. This release line will be supported with **security** and **critical** +patches for approximately two years. It is foreseen to have an overlap of at least +12 months between two LTS release lines, to give communities a comfortable time +window to deploy the new LTS release. + +**Release lines other than the latest and active LTS ones are not maintained!** + +For further information, including the current list of maintained release lines, +read the [release policy](https://rucio.cern.ch/documentation/started/releasepolicy) +on the Rucio documentation. + +## Reporting a Vulnerability + +Please report it privately using GitHub's [Report a vulnerability][https://github.com/rucio/rucio/security/advisories/new] +option. You can also reach the security team at rucio-security@cern.ch.
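Review bot: the link in the "Reporting a Vulnerability" section is malformed and will not render as a link: `[Report a vulnerability][https://github.com/rucio/rucio/security/advisories/new]` uses square brackets for the URL, which Markdown reads as a reference-style link to an undefined label, so readers see plain text with no clickable target. Change it to `[Report a vulnerability](https://github.com/rucio/rucio/security/advisories/new)`. While there, "Please report it privately" has no antecedent for "it"; "Please report vulnerabilities privately" reads better, and the section would benefit from stating what a reporter can expect (acknowledgement window, and whether advisories are coordinated with the LTS patch releases described above), since this file is what GitHub surfaces on the repository's Security tab.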