diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..5e372b9 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,31 @@ +# Security Policy + +## Supported Versions +Pyzipper is based on Python’s `zipfile` from Python 3.7. +The latest release is **0.3.6 (July 31, 2022)**. +We currently support and test against: + +- Python 3.7 +- Python 3.8 +- Python 3.9 +- Python 3.10 +- Python 3.11+ + +Older versions may work but are not actively supported. + +## Reporting a Vulnerability +We take security issues seriously. If you discover a vulnerability: + +1. **Do not open a public GitHub issue immediately.** +2. Instead, please email the maintainers (listed in AUTHORS.rst or commit history). +3. Provide: + - Steps to reproduce + - Impact assessment + - Suggested mitigation or patch if possible + +We will acknowledge receipt within **7 days** and aim to provide a fix or mitigation within **30 days**. + +## Disclosure Process +- Vulnerabilities will be patched in a new release. +- Security advisories will be published via GitHub. +- Credit will be given to reporters unless anonymity is requested.
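Review bot: Step 2 under "Reporting a Vulnerability" names no concrete private channel: "email the maintainers (listed in AUTHORS.rst or commit history)" leaves the reporter to guess which address is current and monitored, which undercuts the 7-day acknowledgement promised a few lines later. Give a single security contact address, or point to GitHub's private vulnerability reporting, since the "Disclosure Process" section already says advisories are published via GitHub. In step 1, "immediately" is ambiguous; say when, if ever, a public issue is acceptable (for example, once a fixed release is out). The "Supported Versions" section lists only Python interpreter versions; it should also state which pyzipper releases receive security fixes.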