diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..d1ae30d8
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,16 @@
+# Security Policy
+
+This project follows the [Eclipse Vulnerability Reporting Policy](https://www.eclipse.org/security/policy.php).
+Vulnerabilities are tracked by the Eclipse security team, in cooperation with the project lead.
+Fixing vulnerabilities is taken care of by the project committers, with assistance and guidance of the security
+team.
+
+## Supported Versions
+
+Eclipse Paho provides security updates for the most recent version only.
+
+## Reporting a Vulnerability
+
+We recommend that in case of suspected vulnerabilities you do not create a GitHub issue, but instead contact the
+Eclipse Security Team directly sending an email to security@eclipse.org.
+