diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..340e7de --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,15 @@ +# Security Policy + +## Reporting Vulnerabilities + +> **Warning** : Please do not create GitHub issues for security vulnerabilities. + +WSO2 takes security issues very seriously. If you have any concerns regarding +our product security or have uncovered a security vulnerability, we strongly +encourage you to report that to our private and highly confidential security +mailing list: security@wso2.com first, without disclosing them in any forums, +sites, or other groups - public or private. To protect the end-user security, +these issues could be disclosed in other places only after WSO2 completes its +[Vulnerability Management Process](https://docs.wso2.com/display/Security/WSO2+Security+Vulnerability+Management+Process). + +[WSO2 guidelines for reporting a security vulnerability](https://docs.wso2.com/display/Security/WSO2+Security+Vulnerability+Reporting+Guidelines) page describes how to report a Security Vulnerability and includes a public key if you wish to send secure messages to security@wso2.com
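
Review bot: the last paragraph of the new SECURITY.md sends reporters to an external page for the public key but gives no key fingerprint in the file itself, so a reporter has only that one page to check the key against. Consider adding the fingerprint next to security@wso2.com so that the repository is a second source for verification. That paragraph is also missing its closing period and sits on one long line, while the paragraph above it is wrapped at about 80 columns. In the first paragraph, "without disclosing them" has no plural antecedent (the sentence speaks of "a security vulnerability"), so "without disclosing it" would read correctly, and "To protect the end-user security" would read better as "To protect end-user security". The `> **Warning** :` line has a stray space before the colon. The policy could also state which versions receive security fixes and what acknowledgement time a reporter can expect, since neither appears in the 15 added lines.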