diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..95cc3a1 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,18 @@ +# Security Policy + +## Supported Versions + +As this is a web application, only the latest deployed version will be monitored and updated for security vulnerabilities. + +| Version | Supported | +| -------- | ------------------ | +| Latest | :white_check_mark: | +| Previous | :x: | + +## Reporting a Vulnerability + +In the interest of open disclosure, you are welcome to write a research paper on any vulnerabilities you discover. +In fact, we encourage you to exploit them if possible to demonstrate their potential impact. +We are not particularly concerned with DevSecOps, so these "security vulnerabilities" are not a primary concern for us. +Once you are done hacking our entire system, politely report the vulnerability securely via GitHub's private reporting system (recommended) or file a public issue and tell the world about it. +We really don't care.
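Review bot: The "Reporting a Vulnerability" section invites exploitation of the deployed application ("we encourage you to exploit them if possible", "Once you are done hacking our entire system") without defining any scope or authorization, and it presents "file a public issue and tell the world about it" as an equal alternative to private reporting, which would publish an unfixed issue in the only version the table marks as supported. I suggest dropping those lines along with "We really don't care", keeping GitHub's private reporting system as the sole reporting channel, and stating what testing is permitted (for example, against a local instance rather than the live deployment) and when a reporter can expect an acknowledgement. The sentence under "Supported Versions" and the table beneath it say the same thing, so one of the two could go.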