diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..581a61d
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+Splunk Connect for Syslog does not support "hotfix" patching, so all bug fixes (including security issues) are contained within the latest GA release.
+
+## Reporting a Vulnerability
+
+Splunk takes security vulnerabilities very seriously. When a member of the community identifies a potential security issue, it needs to be reported fully and carefully. A diligent Community helps keep us all safer and Splunk appreciates your timely and responsible disclosure of any security concern.
+
+To report a potential vulnerability in Splunk Connect for Syslog, please contact the Splunk Product Security Team via the Splunk website:
+https://www.splunk.com/en_us/form/bug-submission-prodsec.html
+
+Per the Splunk Product Security Policy, A Splunk representative will be in touch with you within 2 business days of receipt of your communication.
+
+All fixed security bugs are listed on the Splunk Product Security Portal page:
+https://www.splunk.com/page/securityportal
+