diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..58c3ec1
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,16 @@
+# Security Policy
+
+This project makes heavy use of `eval` and similar concepts.
+
+Queries are not meant to come from untrusted sources.
+
+## Supported Versions
+
+Only the latest release is supported. I will not backport fixes.
+
+## Reporting a Vulnerability
+
+Contact me at tiposchi@tiscali.it
+
+My PGP key is on this file, on git.
+debian/upstream/signing-key.asc