diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000000000000000000000000000000000..21093d904a354f202fdcb4f02ade2b8e1d388488
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,38 @@
+# Security Policies and Procedures
+
+This document outlines security procedures and general policies for the
+Autosubmit project.
+
+  * [Reporting Security Issues](#reporting-security-issues)
+  * [Preferred Languages](#preferred-languages)
+  * [Policy](#policy)
+
+## Reporting Security Issues
+
+**Please do NOT report security vulnerabilities through public issues.**
+
+The Autosubumit maintainers take security bugs seriously. Thank you for
+improving the security of Autosubumit. We appreciate your efforts and responsible
+disclosure and will make every effort to acknowledge your contributions.
+
+If you believe you have found a security vulneratibility in Autosubmit,
+please report it by sending an email to
+<a href="mailto:support-autosubmit@bsc.es">support-autosubmit@bsc.es</a>.
+
+## Preferred Languages
+
+All communications are preffered to be in English, Spanish, or Catalan.
+
+## Policy
+
+When the Autosubmit maintainers receive a security bug report, they will
+assign it to a primary handler. This person will coordinate the fix and
+release process as follows:
+
+* Confirm the problem and determine the affected versions.
+* Audit code to find any potential similar problems.
+* Prepare fixes for all releases still under maintenance.
+* Cut new releases as soon as possible.
+
+CVE's may also be issued depending on the risk level, with credit to
+the reporter.