diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000000..3f34d85f75 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,17 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| 10.0.x | :heavy_check_mark: | +| 9.1.x | :heavy_check_mark: | +| < 9.1 | :x: | + +## Reporting a Vulnerability + +If you think you have found a possible vulnerability please reach out to the _private_ project mailing list +private@nuttx.apache.org or the Apache Security list security@apache.org. + +Please **DO NOT** create a GitHub issue or email the project dev list as they are public. +This project follows the Apache Vulnerability Handling Policy docuemnted [here](https://www.apache.org/security/committers.html#vulnerability-handling) diff --git a/README.md b/README.md index c38fdb02cb..520320f720 100644 --- a/README.md +++ b/README.md @@ -102,6 +102,10 @@ Get help using NuttX or contribute to the project on our mailing lists: * View the archives at: +## Reporting Security Issues + +Found a vulnerability? See our security policy [here](.github/SECURITY.md). + ## Issue Tracker ### Bug Reports:
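Review bot: In the last added line of .github/SECURITY.md, "docuemnted" is a typo for "documented", and the sentence has no closing period. While touching that line, consider replacing the link text "here" with the policy's name so the link is meaningful out of context. The "Reporting a Vulnerability" paragraph also gives two addresses (private@nuttx.apache.org and security@apache.org) without saying which one a reporter should prefer or what a report should contain (affected version from the table above, reproduction steps); one sentence covering that would reduce back-and-forth on first contact.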
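Review bot: In the README.md hunk, the new "Reporting Security Issues" section only links to `.github/SECURITY.md` with the link text "here", so a reader who sees the README outside the GitHub repository view (a release tarball, a mirror, rendered docs) gets a dead relative link and no indication that reports must go to a private channel. Suggest naming the link after the policy and adding one line stating that vulnerabilities should not be filed in the public issue tracker, since the "Issue Tracker" section follows immediately after this one.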