diff --git a/Gemfile.lock b/Gemfile.lock
index 418d787..5c8d419 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -935,4 +935,4 @@ RUBY VERSION
    ruby 2.7.2p137
 
 BUNDLED WITH
-   2.3.22
+   2.3.23
diff --git a/app/controllers/wellknown_controller.rb b/app/controllers/wellknown_controller.rb
new file mode 100644
index 0000000..72d8f9a
--- /dev/null
+++ b/app/controllers/wellknown_controller.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+#  Copyright (c) 2006-2023, Puzzle ITC GmbH. This file is part of
+#  PuzzleTime and licensed under the Affero General Public License version 3
+#  or later. See the COPYING file at the top-level directory or at
+#  https://github.com/puzzle/puzzletime.
+
+# Handles actions on the /.well-known path
+class WellknownController < ApplicationController
+  def security
+    file = file_for(tenant) || not_found
+    render plain: file.read
+  end
+
+  private
+
+  def organization
+    Decidim::Organization.find_by(host: request.domain)
+  end
+
+  def tenant
+    tenant = organization.tenant_type || 'other'
+    tenant.to_sym
+  end
+
+  def file_for(tenant)
+    path = Rails.root.join("lib/tenant_files/#{tenant}/security.txt")
+    return unless path.exist?
+
+    path
+  end
+
+  def not_found
+    raise ActionController::RoutingError, 'Not Found'
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
index b82991b..8846a52 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -6,6 +6,8 @@
   mount Decidim::Core::Engine => '/'
   # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
 
+  get '.well-known/security.txt', to: 'wellknown#security'
+
   get 'status/health', to: 'status#health'
   get 'status/readiness', to: 'status#readiness'
 end
diff --git a/lib/tenant_files/dialogluzern/security.txt b/lib/tenant_files/dialogluzern/security.txt
new file mode 100644
index 0000000..58e54fd
--- /dev/null
+++ b/lib/tenant_files/dialogluzern/security.txt
@@ -0,0 +1,8 @@
+# In the event that you have discovered a technical vulnerability in an IT system of the city of Lucerne (Stadt Luzern), 

+# we encourage you to report it to the Competence Center for Digital Security and Privacy using the Coordinated Vulnerability Disclosure program.

+

+Contact: https://www.stadtluzern.ch/politikverwaltung/stadtverwaltung/dienstabteilungenbereiche/33551

+Contact: mailto:security@stadtluzern.ch

+Expires: 2023-12-31T23:59:59.000Z

+Preferred-Languages: en, de

+Canonical: https://www.stadtluzern.ch/.well-known/security.txt
\ No newline at end of file