diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000000..7a9b89da53b --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +If you believe you have found a vulnerability in MetaMask Core, please follow the steps below. + +## Reporting a vulnerability + +- Do not create public issues; instead, email security@metamask.io with a description. +- Provide steps to reproduce the issue if possible. +- Include any relevant logs or screenshots. + +## Our pledge + +- We will acknowledge your report within 5 business days. +- We aim to keep you informed about the progress of your report. +- We appreciate responsible disclosures and will not pursue legal action against reporters acting in good faith. + +## Scope + +This policy applies to the MetaMask Core codebase and related packages in this repository. + +Thank you for helping keep MetaMask and its users safe.
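Review bot: In "Reporting a vulnerability", the only channel is plain email to security@metamask.io, and nothing says how a reporter should send sensitive material such as a working proof of concept or logs containing secrets. Consider adding a line that names an encrypted or private option (a published PGP key, or the repository's private advisory form if it is enabled), or that asks reporters to send a summary first and wait for a secure channel before sharing details. In "Our pledge", the 5-business-day acknowledgement is the only concrete commitment. "We aim to keep you informed" gives no interval, and the policy never says how long a reporter is asked to hold off on public disclosure, so the "Do not create public issues" request has no end point. The safe-harbor bullet also relies on "acting in good faith" without saying what that covers, for example testing only against your own accounts and not accessing other users' data. Finally, "related packages in this repository" in "Scope" could state explicitly whether vulnerabilities in third-party dependencies or in other MetaMask products should be sent to the same address.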