diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..0551ac700
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Reporting Security Issues
+
+If you discover a security issue in webpack, please report it by sending an
+email to [webpack@opencollective.com](mailto:webpack@opencollective.com).
+
+This will allow us to assess the risk, and make a fix available before we add a
+bug report to the GitHub repository.
+
+Thanks for helping make webpack safe for everyone.
diff --git a/package.json b/package.json
index 50aef0ab7..bc719502f 100644
--- a/package.json
+++ b/package.json
@@ -88,7 +88,8 @@
     "buildin/",
     "hot/",
     "web_modules/",
-    "schemas/"
+    "schemas/",
+    "SECURITY.md"
   ],
   "scripts": {
     "setup": "node ./setup/setup.js",