diff --git a/.github/ISSUE_TEMPLATE/SECURITY.md b/.github/ISSUE_TEMPLATE/SECURITY.md new file mode 100644 index 0000000000..5ed20a879f --- /dev/null +++ b/.github/ISSUE_TEMPLATE/SECURITY.md @@ -0,0 +1,26 @@ +--- +name: 🛡 Security +about: Information on reporting security vulnerabilities +--- + +# Security Policy + +## Supported Versions + +As of November 2019 (and until this document is updated), only the v3.0.0-beta tags of Strapi are supported for updates. Any previous versions are currently not supported and users are advised to use them "at their own risk". + +## Reporting a Vulnerability + +Please report (suspected) security vulnerabilities to +**[security@strapi.io](mailto:security@strapi.io)** or via the [Strapi Slack](https://slack.strapi.io). + +When reporting a (suspected) security vulnerabilitie via slack please reach out to any of the following Strapi employees directly: + +- `@aureliengeorget` +- `@alexandre` +- `@lauriejim` +- `@soupette` + +You will receive a response from us within 72 hours. If the issue is confirmed, +we will release a patch as soon as possible depending on complexity +but historically within a few days. diff --git a/docs/SECURITY.md b/docs/SECURITY.md new file mode 100644 index 0000000000..d2ef0c1605 --- /dev/null +++ b/docs/SECURITY.md 
@@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +As of November 2019 (and until this document is updated), only the v3.0.0-beta tags of Strapi are supported for updates. Any previous versions are currently not supported and users are advised to use them "at their own risk". + +## Reporting a Vulnerability + +Please report (suspected) security vulnerabilities to +**[security@strapi.io](mailto:security@strapi.io)** or via the [Strapi Slack](https://slack.strapi.io). + +When reporting a (suspected) security vulnerabilitie via slack please reach out to any of the following Strapi employees directly: + +- `@aureliengeorget` +- `@alexandre` +- `@lauriejim` +- `@soupette` + +You will receive a response from us within 72 hours. If the issue is confirmed, +we will release a patch as soon as possible depending on complexity +but historically within a few days.
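Review bot: In `.github/ISSUE_TEMPLATE/SECURITY.md`, the front matter (`name: 🛡 Security`, `about: Information on reporting security vulnerabilities`) makes this policy a selectable issue template, so choosing it opens a public issue pre-filled with the policy text, and nothing in the body tells the reporter not to submit it. Consider adding an explicit line at the top of the template body saying that vulnerabilities must not be filed as public issues and should go to security@strapi.io instead. The "Reporting a Vulnerability" section also lists four personal Slack handles; a short note on what to do if none of them responds would keep the 72-hour commitment meaningful when the list goes stale.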
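Review bot: In `docs/SECURITY.md`, the body is a verbatim copy of the text added in `.github/ISSUE_TEMPLATE/SECURITY.md`, so the supported-versions statement and the contact list now have to be updated in two places and will drift. Consider keeping one canonical copy and having the other link to it. In the line "When reporting a (suspected) security vulnerabilitie via slack", "vulnerabilitie" should be "vulnerability" and "slack" should be "Slack"; the same fix applies to the copy in the issue template. The "Supported Versions" paragraph says "only the v3.0.0-beta tags" without saying whether every beta tag or only the latest one receives fixes, which is worth stating.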