diff --git a/docs/SECURITY.md b/docs/SECURITY.md
new file mode 100644
index 00000000..bb24654f
--- /dev/null
+++ b/docs/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+Coder sponsors development and maintenance of the code-server project. We will fix security issues within 90 days of receiving a report, and publish the fix in a subsequent release. The code-server project does not provide backports or patch releases for security issues at this time.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 3.9.3   | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+To report a vulnerability, please send an email to security[@]coder.com and our security team will respond to you.