diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..4449c1b4a
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,5 @@
+# Reporting a Vulnerability
+
+To report a vulnerability, please open a private vulnerability report at https://github.com/vitest-dev/vitest/security.
+
+While the discovery of new vulnerabilities is rare, we also recommend always using the latest versions of Vitest to ensure your application remains as secure as possible.