diff --git a/README.md b/README.md index 7ca2bd64a..fa1a3eb0d 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,14 @@ Please put all issues regarding IPFS _design_ in the [ipfs repo issues](https://github.com/ipfs/ipfs/issues). Please put all issues regarding go IPFS _implementation_ in [this repo](https://github.com/ipfs/go-ipfs/issues). +## Security Issues + +The IPFS protocol and its implementations are still in heavy development. This means that there may be problems in our protocols, or there may be mistakes in our implementations. And -- though IPFS is not production-ready yet -- many people are already running nodes in their machines. So we take security vulnerabilities very seriously. If you discover a security issue, please bring it to our attention right away! + +If you find a vulnerability that may affect live deployments -- for example, by exposing a remote execution exploit -- please send your report privately to security@ipfs.io. Please DO NOT file a public issue. + +If the issue is a protocol weakness that cannot be immediately exploited or something not yet deployed, just discuss it openly. + ## Install The canonical download instructions for IPFS are over at: http://ipfs.io/docs/install
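Review bot: The last added paragraph ("If the issue is a protocol weakness that cannot be immediately exploited or something not yet deployed, just discuss it openly") leaves the private-versus-public decision to the reporter's own judgment of exploitability, which a reporter often cannot assess reliably. Suggest adding a sentence such as "If you are unsure, report it privately to security@ipfs.io" so that the private channel is the default. The paragraph that introduces security@ipfs.io gives only a plain e-mail address; consider saying whether an encryption key is available for reports and what acknowledgement a reporter should expect. Minor wording in the first added paragraph: "running nodes in their machines" should read "on their machines", and "exposing a remote execution exploit" in the second would be clearer as "allowing remote code execution".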