diff --git a/ChangeLog.md b/ChangeLog.md
index 6fc1107c17..6d8c70eaaf 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Add SECURITY.md ([#1147](https://github.com/josefpihrt/roslynator/pull/1147))
+
 ## [4.4.0] - 2023-08-01
 
 ### Added
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..4aff6dedaa
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,25 @@
+# Security Policy
+
+When it comes to security updates, the current major version is supported.
+Any vulnerabilities that affect older versions will be considered on a case-by-case basis.
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- |:------------------:|
+| 4.x     | :white_check_mark: |
+| CLI 0.x | :white_check_mark: |
+| Extension for VS 2022 | :white_check_mark: |
+| Extension for VS Code | :white_check_mark: |
+
+## Out of Support Versions
+
+| Version | Supported |
+| ------- |:---------:|
+| < 4.0   | :x:       |
+| Extension for VS 2019 and older | :x: |
+
+## Reporting a Vulnerability
+
+Please report (suspected) security vulnerabilities to GitHub [issues](https://github.com/JosefPihrt/Roslynator/issues/new).
+Once confirmed, we will release a patch as soon as possible.
\ No newline at end of file