diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..04351502
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,8 @@
+# Security Policy
+
+## Reporting a vulnerability
+If you have discovered a security vulnerability in the hipFile or rocFile
+libraries, please do NOT report it publicly using a GitHub issue. Instead,
+you should report the issue via the AMD Product Security website:
+
+https://www.amd.com/en/resources/product-security.html