diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..ff740306 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,25 @@ +# Security Policy + +## Sponsoring the project + +This project is maintained by a small team of four and therefore lacks the resource to provide security fixes in a very timely manner. + +That said, even though we are very passionate about making Helmfile rock solid security wise, all issues are handled on the best effort basis. + +If you have important business(es) that relies on this project, please consider sponsoring the maintainers, so that they can commit more on providing such service. + +> *Note* that we don't currently have project-wide sponsorship enabled as we don't know how to share the amount of sponsorships with fairness. +> Please sponsor individuals instead! Thanks for your understanding. + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| 0.144.0 | :white_check_mark: | +| < 0.144.0| :x: | + +## Reporting a Vulnerability + +To report a security issue, please email helmfile-security@googlegroups.com with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. + +A maintainer will try to respond within 5 working days. If the issue is confirmed as a vulnerability, a Security Advisory will be opened. This project currently tries to follow a 90 day disclosure timeline.
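Review bot: In the Supported Versions table, the rows `| 0.144.0 | :white_check_mark: |` and `| < 0.144.0| :x: |` leave every release after 0.144.0 unclassified, and pinning one exact version means the file is out of date as soon as the next release ships. Suggest expressing the policy as a rule instead, for example `>= 0.144.0` or "latest release only", whichever the maintainers actually intend. Second, the "Reporting a Vulnerability" section is the part a reporter opens this file for, yet it sits below the sponsorship text; consider moving it directly under the title and putting "Sponsoring the project" last. Third, the reporting paragraph gives a 5 working day response target and a 90 day disclosure timeline but does not say when the 90 days start (receipt of the report or confirmation of the vulnerability); one sentence would settle that. Minor wording: "lacks the resource" should be "lacks the resources", "business(es) that relies" should be "businesses that rely", "That said" in the second paragraph does not follow from the sentence before it, and the `| < 0.144.0|` cell is missing a space before the pipe.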