diff --git a/Cargo.lock b/Cargo.lock
index 4de53eb..ce6c313 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -5629,6 +5629,12 @@ dependencies = [
 "solana-sdk-ids",
 ]
+[[package]]
+name = "solana-security-txt"
+version = "1.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "468aa43b7edb1f9b7b7b686d5c3aeb6630dc1708e86e31343499dd5c4d775183"
+
 [[package]]
 name = "solana-seed-derivable"
 version = "2.2.1"
@@ -6522,6 +6528,7 @@ dependencies = [
 "solana-pubkey",
 "solana-rent",
 "solana-sdk",
+ "solana-security-txt",
 "thiserror 2.0.12",
 ]
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..377011e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,24 @@
+# Security Policy
+
+## Reporting security problems
+
+**DO NOT CREATE A GITHUB ISSUE** to report a security problem.
+
+Instead please use this [Report a Vulnerability](https://github.com/solana-program/record/security/advisories/new) link.
+Provide a helpful title and detailed description of the problem.
+
+If you haven't done so already, please **enable two-factor auth** in your GitHub account.
+
+Expect a response as fast as possible in the advisory, typically within 72 hours.
+
+--
+
+If you do not receive a response in the advisory, send an email to
+ with the full URL of the advisory you have created. DO NOT
+include attachments or provide detail sufficient for exploitation regarding the
+security issue in this email. **Only provide such details in the advisory**.
+
+If you do not receive a response from please followup with
+the team directly. You can do this in one of the `#Dev Tooling` channels of the
+[Solana Tech discord server](https://solana.com/discord), by pinging the admins
+in the channel and referencing the fact that you submitted a security problem.
diff --git a/program/Cargo.toml b/program/Cargo.toml
index 29d29fc..fe1d63b 100644
--- a/program/Cargo.toml
+++ b/program/Cargo.toml
@@ -24,6 +24,7 @@ solana-program-error = "2.2.1"
 solana-program-pack = "2.2.1"
 solana-pubkey = { version = "2.2.1", features = ["bytemuck"] }
 solana-rent = "2.2.1"
+solana-security-txt = "1.1.1"
 thiserror = "2.0.12"
 [dev-dependencies]
diff --git a/program/src/entrypoint.rs b/program/src/entrypoint.rs
index f52b183..ede4189 100644
--- a/program/src/entrypoint.rs
+++ b/program/src/entrypoint.rs
@@ -4,6 +4,7 @@ use {
 solana_account_info::AccountInfo,
 solana_program_error::ProgramResult,
 solana_pubkey::Pubkey,
+ solana_security_txt::security_txt,
 };
 solana_program_entrypoint::entrypoint!(process_instruction);
@@ -14,3 +15,15 @@ fn process_instruction(
 ) -> ProgramResult {
 crate::processor::process_instruction(program_id, accounts, instruction_data)
 }
+
+security_txt! {
+ // Required fields
+ name: "SPL Record",
+ project_url: "https://solana-program.com/record",
+ contacts: "link:https://github.com/solana-program/record/security/advisories/new,mailto:security@anza.xyz,discord:https://solana.com/discord",
+ policy: "https://github.com/solana-program/record/blob/master/SECURITY.md",
+
+ // Optional Fields
+ preferred_languages: "en",
+ source_code: "https://github.com/solana-program/record/tree/master/program"
+}
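Review bot: The `policy` and `source_code` values embedded by `security_txt!` in entrypoint.rs both point at the mutable `master` branch, so a researcher reading the metadata out of a deployed binary cannot tell which revision that binary was built from; consider pointing `source_code` at a tag, or adding `source_revision` (available in solana-security-txt 1.1) populated from the build commit, e.g. `source_revision: env!("GIT_REV")` with the value supplied by a build script. The `contacts` list places `discord:https://solana.com/discord` alongside the advisory link and mailbox, although the accompanying SECURITY.md describes Discord only as a last-resort follow-up channel; a short comment above the field, `// Discord is a follow-up channel only; see SECURITY.md`, would keep the two in agreement. Because the macro only emits a static into the linked artifact, it is worth adding a CI check that the built program actually carries the security.txt section (the crate ships a query tool for this), since a feature gate on this module elsewhere in the crate — not visible in this diff — could silently drop it.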