diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..7cf59da363
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,16 @@
+# How To Report a Vulnerability
+
+If you think you have found a vulnerability in Eclipse Tycho, you can report it using one of the following ways:
+
+* Contact the [Eclipse Foundation Security Team](mailto:security@eclipse-foundation.org)
+* Create a [confidential issue](https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/new?issuable_template=new_vulnerability)
+
+You can find more information about reporting and disclosure at the [Eclipse Foundation Security page](https://www.eclipse.org/security/).
+
+# Supported Versions
+
+Latest major version only is supported.
+
+# Security Policy
+
+This project follows [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/security/policy/).