diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..fd360b2e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,24 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest non-prerelease version is supported.
+
+## Security contact information
+
+To report a security vulnerability
+
+### Directly on GitHub
+
+You can also directly propose a GitHub  security advisory on the Flit Security page of github:
+
+[https://github.com/pypa/flit/security](https://github.com/pypa/flit/security)
+
+### via Tidelift:
+
+You can use the
+[Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the
+fix and disclosure.
+
+If you are a tidelift subscriber, this is the preferred  path
+