diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..d8b8e373
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+We advise users to use the most recent release of NGINX Plus Go Client library. This project is not covered by the NGINX Plus support contract.
+
+## Reporting a Vulnerability
+
+The F5 Security Incident Response Team (F5 SIRT) has an email alias that makes it easy to report potential security vulnerabilities.
+
+- If you’re an F5 customer with an active support contract, please contact [F5 Technical Support](https://www.f5.com/services/support).
+- If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities with any F5 product to the F5 Security Incident Response Team at F5SIRT@f5.com
+
+For more information visit https://www.f5.com/services/support/report-a-vulnerability