diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 676f4374b..b3d456659 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -34,6 +34,4 @@ The best reproductions are self-contained scripts with minimal dependencies. If ## Security vulnerabilities -To report sensitive vulnerability information, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. - -If your organisation/employer is a distributor of Pillow and would like advance notification of security-related bugs, please let us know your preferred contact method. +Please see our [security policy](https://github.com/python-pillow/Pillow/blob/master/.github/SECURITY.md). diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 000000000..c6369fdef --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,5 @@ +# Security policy + +To report sensitive vulnerability information, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. + +If your organisation/employer is a distributor of Pillow and would like advance notification of security-related bugs, please let us know your preferred contact method.
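Review bot: In the CONTRIBUTING.md hunk, the replacement line links to an absolute URL pinned to a branch name (`https://github.com/python-pillow/Pillow/blob/master/.github/SECURITY.md`). That link will break if the default branch is renamed, and in a fork or on a release branch it shows upstream's policy instead of the copy shipped alongside the file. Since both files live in `.github/`, a relative link such as `[security policy](SECURITY.md)` would always resolve to the matching revision.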
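Review bot: In the new SECURITY.md, the second paragraph asks distributors to "please let us know your preferred contact method" but names no channel for doing so. The only contact given in the file is the Tidelift link, which the first paragraph scopes to vulnerability reports. Now that this text is a standalone policy file rather than a section of the contributing guide, it should state where distributors send that request, and it should be a private channel so that nobody defaults to a public issue for security-related contact.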