diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..b6d5ea7d --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,19 @@ +# Security Policy + +## Reporting a Vulnerability +If you discover a vulnerability in this project, **please do not open a public issue** on GitHub. + +Instead, use our contact form: +🔗 [https://www.openkm.com/en/contact.html](https://www.openkm.com/en/contact.html) + +Clearly indicate that your message is about a vulnerability. Within **72 business hours**, we will contact you to request the detailed report. + +## Responsible Disclosure +- Please do not publicly disclose the information until we have verified and fixed the issue. +- We commit to keeping you informed of the progress. + +## CVE +The OpenKM team **does not directly manage CVE requests**, but we are open to **collaborating with you** in the process so that you receive proper credit. + +## Acknowledgment +We highly value and appreciate the community’s contributions to improving the security of OpenKM.
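Review bot: In "Reporting a Vulnerability", the phrase "Within **72 business hours**" is ambiguous. It can be read as three days or as 72 working hours (about nine working days at eight hours per day), so state the response window in business days or in calendar hours. In "Responsible Disclosure", the request to withhold disclosure "until we have verified and fixed the issue" has no upper bound; consider giving a target timeframe, or committing to agree one with the reporter, so the embargo is not open-ended. The only reporting channel is the general contact form, and the text asks reporters to "Clearly indicate that your message is about a vulnerability" without saying how; naming the subject wording or form field to use would help such messages get routed to the right people. The policy also does not say which versions are in scope for reports, which is worth adding as its own section.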