diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000000..ca0360e9ba3 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,13 @@ +# Security Policy +## Supported Versions +Legacy-compatibility releases `v1.x`: +- :hourglass_flowing_sand: Web3.js currently undergoes a quick release cycle with regular minor and patch releases. +- :globe_with_meridians: We encourage using the [most recently released version](https://github.com/ChainSafe/web3.js/releases/latest) from the `v1.x` release track before reporting an issue. + +Future rewrites and feature tracks `v2.x`, `v3.x`, and `v4.x`: +- :hourglass: Web3.js currently undergoes a complete refactoring and rewrite. At this time it is not recommended to use any of these release tracks, yet. +- :stop_sign: We encourage **not** using these releases until official stable releases will be announced. + +## Reporting a Vulnerability +- :rotating_light: Please, send vulnerability reports to `security@chainsafe.io`. +- :warning: **Please do not file a public ticket** mentioning the vulnerability, as doing so could increase the likelihood of the vulnerability being exploited before a fix has been created, released and installed on the network.
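Review bot: under `## Reporting a Vulnerability`, the policy gives reporters only the address `security@chainsafe.io` and says nothing about what a report should contain, when an acknowledgement can be expected, or how to send details confidentially. Consider adding a short list of what to include (affected version, reproduction steps, impact), an expected response window, and an encrypted channel or public key if the team has one. Under `## Supported Versions`, the text recommends the latest `v1.x` release but never states which releases actually receive security fixes; say explicitly whether only the latest `v1.x` release is patched or whether older minors are too. Wording: "until official stable releases will be announced" should read "until official stable releases are announced", and the comma before "yet" can be dropped.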