diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..73d3a4c225 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,35 @@ +# Security Policy + +## Reporting a Vulnerability + +The Rooch dev team takes the security of our project seriously. We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions. + +To report a security vulnerability, please use the GitHub Security Advisory **"Report a security vulnerability"** feature. + +**Please do not report security vulnerabilities through public GitHub issues.** + +When reporting a vulnerability, please provide as much information as possible, including: + +1. A description of the vulnerability +2. Steps to reproduce the issue +3. Potential impact of the vulnerability +4. Any potential mitigations you've identified + +## Response Time + +We will acknowledge receipt of your vulnerability report within 3 business days and will send you regular updates about our progress. + +## Disclosure Policy + +When we receive a security bug report, we will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps: + +1. Confirm the problem and determine the affected versions. +2. Audit code to find any potential similar problems. +3. Prepare fixes for all releases still under maintenance. +4. Release new versions and update the public repository. + +## Comments on this Policy + +If you have suggestions on how this process could be improved, please submit a pull request. + +Thank you for helping keep Rooch and our users safe!
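Review bot: Step 3 of the Disclosure Policy ("Prepare fixes for all releases still under maintenance") refers to maintained releases, but nothing in the file says which versions those are; add a "Supported Versions" section (the usual table of version ranges marked supported / unsupported) so reporters and users can tell whether their release will receive a fix. Two related gaps in the Reporting section: the GitHub "Report a security vulnerability" link only works if private vulnerability reporting is enabled in the repository settings, so confirm that before merging, and consider naming a fallback contact (a security mailbox, optionally with a PGP key) for reporters who cannot use GitHub, since the policy otherwise forbids the only other channel ("Please do not report security vulnerabilities through public GitHub issues."). Finally, the Disclosure Policy sets a 3-business-day acknowledgement but no target for fix or public disclosure; stating an expected coordinated-disclosure window, and whether an advisory will be published and the reporter credited, would make step 4 ("Release new versions and update the public repository") actionable for both sides.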