diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..d98352b
Binary files /dev/null and b/.DS_Store differ
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..e320d6b
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,7 @@
+# Reporting Security Issues
+
+To report a security issue or vulnerability, submit a [private vulnerability report via GitHub](https://github.com/ossf/security-insights-spec/security/advisories/new) to the repository maintainers with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
+
+Our vulnerability management team will respond within 7 working days of your report. If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. This project follows a 90 day disclosure timeline.
+
+Other contacts: luigi.gubello@protonmail.com
\ No newline at end of file