diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 6f81e8f0..e43f9511 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -9,6 +9,8 @@ your contributions. issues](https://github.com/thelounge/lounge/issues?q=is%3Aissue) to see if this was not already discussed before. If you can't see any, feel free to [open a new issue](https://github.com/thelounge/lounge/issues/new). +- If you think you discovered a security vulnerability, **do not open a public + issue on GitHub.** Refer to our [security guidelines](SECURITY.md) instead. ### I want to contribute to the code diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..d7d17fd6 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,9 @@ +# Responsible Disclosure of Security Vulnerabilities + +- ⚠️ **Do not open public issues on GitHub to report security vulnerabilities.** +- Contact us privately first, in a + [responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure) + manner. +- On IRC, send a private message to any voiced user on our Freenode channel, + `#thelounge`. +- By email, send us your report at .
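Review bot: In the CONTRIBUTING.md hunk, the new security bullet sits after the bullet that links to `issues/new`, so a reader who follows that link before reading on never sees the warning. Consider moving the "do not open a public issue on GitHub" bullet above the one that invites opening a new issue, or making it the first item in the list.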
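Review bot: In the SECURITY.md hunk, the last bullet as shown here reads "send us your report at ." with no address after "at", which leaves IRC as the only usable private contact; please confirm the address is present in the committed file. Separately, the IRC bullet points reporters to "any voiced user" on `#thelounge`, which asks them to hand vulnerability details to whoever holds voice at that moment. Naming the maintainers' nicks would let a reporter check who they are talking to. The file could also say what a report should contain and when the reporter can expect a reply.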