diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000000..cc09cf1cc58
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+Security
+========
+
+angr is meant to be able to function as fully secure environment for analyzing code of any kind in its default configuration.
+As a result, we take sandbox escapes - opportunities for guest code to manipulate the host environment without the analysis author explicitly allowing it - very seriously.
+If you read all the documentation, you should be able to deploy angr to analyze untrusted code without worrying about it.
+
+If you find a sandbox escape bug of any sort by this definition, please let us know through a private channel.
+You can contact the core developers through their emails at audrey@rhelmot.io and fishw@asu.edu.