SLING-10676 - add or update SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..2e2f930
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy for Apache Sling modules
+
+This module is part of the [Apache Sling Project](https://sling.apache.org), a
+project of the [Apache Software Foundation](https://apache.org) (ASF).
+
+It follows the ASF's [vulnerability handling process](https://apache.org/security/#vulnerability-handling) and
+provides its own [security information page](http://sling.apache.org/project-information/security.html).
+
+## Reporting a Vulnerability
+
+To report a new vulnerability you have discovered in an Apache Sling module,
+please follow the instructions on the
+[project's security page](http://sling.apache.org/project-information/security.html) .
\ No newline at end of file