diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..0095d631d7 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,11 @@ +# Reporting security issues +BigCommerce is dedicated to the responsible disclosure of security vulnerabilities. +If you have found a security vulnerability in an active open-source repository created and owned by BigCommerce, please report it to our [public bug bounty program](https://bugcrowd.com/bigcommerce). If you would prefer to submit via email, please send your report to [security@bigcommerce.com](mailto:security@bigcommerce.com). + +We ask that you **do not** open a public GitHub issue to report security concerns. + +_Note: Only submissions to our bounty program on BugCrowd will be eligible for bounties. Bounty eligibility and amounts are determined according to the program guidelines._ + +_Note: Bugs in 3rd-party modules and/or dependencies should be reported to the owners/maintainers or those modules and/or dependencies, BigCommerce has no control or authority over third party content._ + +Thank you in advance for collaborating with us to help protect us and our customers.
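Review bot: In the second note (the line about 3rd-party modules), "owners/maintainers or those modules" should read "owners/maintainers of those modules", and the comma before "BigCommerce has no control" joins two full sentences, so split it there. The email option at security@bigcommerce.com lists no PGP key or fingerprint, and the file gives no expected acknowledgement time. Since the text asks reporters to stay off public GitHub issues, consider adding both so they know how to send details confidentially and when to expect a reply. The first paragraph also limits scope to "an active open-source repository created and owned by BigCommerce" without saying how a reporter can tell whether a repository counts as active; a short pointer would help.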