diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..bc650eba2
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+Only the current development release and the last stable version of CodeCompass is supported by security updates.
+
+| Version              | Branch            | Supported          |
+| -------------------- | ----------------- | ------------------ |
+| Development release  | `master`          | :white_check_mark: |
+| Flash                | `release/flash`   | :white_check_mark: |
+| Earhart              | `release/earhart` | :x:                |
+
+Previous (not open source) versions of CodeCompass are also not supported anymore.
+
+## Reporting a Vulnerability
+
+If you find a vulnerability in CodeCompass, please report it as a security vulnerability on GitHub:  
+https://github.com/Ericsson/CodeCompass/security/advisories/new