diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..72ed662 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# wolfSSL Security Policy + +## Reporting a Vulnerability + +Report security vulnerabilities to **security@wolfssl.com** or call **+1-425-245-8247**. + +Reports may be encrypted with our PGP key: + + Fingerprint: A2A4 8E7B CB96 C5BE CB98 7314 EBC8 0E41 5CA2 9677 + Key server: keys.openpgp.org + +## Full Policy + +Our coordinated vulnerability disclosure policy — including scope, threat-model +boundaries, response commitments, and EU Cyber Resilience Act obligations — is +published at: + + https://www.wolfssl.com/.well-known/vulnerability-disclosure-policy.txt + +This policy covers wolfSSL, wolfCrypt, wolfBoot, wolfSSH, wolfMQTT, wolfTPM, +wolfGuard, wolfCOSE, and other wolfSSL products.
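Review bot: In the "Reporting a Vulnerability" section, the PGP key is identified only by a fingerprint and the key server name `keys.openpgp.org`. A reporter cannot cross-check the fingerprint against a second channel and cannot tell which identity the key is issued for. Consider naming the user ID or address bound to the key, and adding a direct HTTPS location for the public key on the project's own domain, so that a reporter can compare a fetched key against the fingerprint given here. In the "Full Policy" section, the product list ends with "and other wolfSSL products", which leaves the scope open-ended in this file. Since scope is already deferred to the linked policy, either say that the list is not exhaustive and the linked policy is authoritative, or drop the list and rely on the link. It may also help to state whether the phone number is meant for vulnerability details or only for making initial contact, since the encryption option applies only to written reports.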