diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000000..a56ee308c423
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,24 @@
+# Security Policy
+
+## Supported Versions
+
+We have a 3 month release cycle, and the last two versions are supported.
+
+## Reporting a Vulnerability
+
+To report security issues send an email to rusty@rustcorp.com.au, or
+security@bockstream.com (not for support).
+
+## Signatures For Releases
+
+The following keys may be used to communicate sensitive information to
+developers, and to validate signatures on releases:
+
+| Name | Fingerprint |
+|------|-------------|
+| Rusty Russell | 15EE 8D6C AB0E 7F0C F999  BFCB D920 0E6C D1AD B8F1 |
+| Christian Decker | B731 AAC5 21B0 1385 9313  F674 A26D 6D9F E088 ED58 |
+| Lisa Neigut | 30DE 693A E0DE 9E37 B3E7  EB6B BFF0 F678 10C1 EED1 |
+| Alex Myers | 0437 4E42 789B BBA9 462E  4767 F3BF 63F2 7474 36AB |
+
+You can import a key by running the following command with that individual’s fingerprint: `gpg --keyserver hkps://keys.openpgp.org --recv-keys "<fingerprint>"` Ensure that you put quotes around fingerprints containing spaces.