diff --git a/.github/security.md b/.github/security.md
new file mode 100644
index 0000000000..0d60188f05
--- /dev/null
+++ b/.github/security.md
@@ -0,0 +1,12 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+**Do not open up a GitHub issue if the bug is a security vulnerability in Rails**.
+Instead refer to our [security policy](https://rubyonrails.org/security/).
+
+## Supported Versions
+
+Security backports are provided for some previous release series. For details
+of which release series are currently receiving security backports see our
+[security policy](https://rubyonrails.org/security/).