diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..ef73aad3
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you believe you've found something in Django REST Framework JSON API which has security implications, please **do not raise the issue in a public forum**.
+
+Send a description of the issue via email to [rest-framework-security@googlegroups.com][security-mail]. The project maintainers will then work with you to resolve any issues where required, prior to any public disclosure.
+
+[security-mail]: mailto:rest-framework-security@googlegroups.com
diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md
index c3f7d0f1..be1d0499 100644
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -52,9 +52,21 @@ To setup pre-commit hooks first create a testing environment as explained above
 
 ## For maintainers
 
+### Create release
+
 To upload a release (using version 1.2.3 as the example) first setup testing environment as above before running below commands:
 
     python setup.py sdist bdist_wheel
     twine upload dist/*
     git tag -a v1.2.3 -m 'Release 1.2.3'
     git push --tags
+
+
+### Add maintainer
+
+In case a new maintainer joins our team we need to consider to what of following services we want to add them too:
+
+* [Github organization](https://github.com/django-json-api)
+* [Read the Docs project](https://django-rest-framework-json-api.readthedocs.io/)
+* [PyPi project](https://pypi.org/project/djangorestframework-jsonapi/)
+* [Google Groups security mailing list](https://groups.google.com/g/rest-framework-jsonapi-security)