diff --git a/LICENSE b/LICENSE
index 3a2b87e2d69e600999f1f648f751ea185e3ee06a..1773b39679f22b9c8d2f4018c860948e27025fa0 100644
--- a/LICENSE
+++ b/LICENSE
@@ -174,3 +174,4 @@ incurred by, or claims asserted against, such Contributor by reason of your
 accepting any such warranty or additional liability.
 
 END OF TERMS AND CONDITIONS
+
diff --git a/README.md b/README.md
index 43206c00c3b0a05681632e2fa2e837349fb497f0..3bf58dc26f53bc2479da3a5efa08ac8de0feda53 100644
--- a/README.md
+++ b/README.md
@@ -130,3 +130,4 @@ $ make cva6_ooc CLK_PERIOD_NS=20 BATCH_MODE=0
 This command generates synthesis and place and route reports in **fpga/reports_cva6_ooc_synth** and **fpga/reports_cva6_ooc_impl**.
 
 
+
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000000000000000000000000000000000..fd36b03ca4b69894670e733bd7fe65b5a043a602
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,45 @@
+Describe here all the security policies in place on this repository to help your contributors to handle security issues efficiently.
+
+## Goods practices to follow
+
+:warning:**You must never store credentials information into source code or config file in a GitHub repository** 
+- Block sensitive data being pushed to GitHub by git-secrets or its likes as a git pre-commit hook
+- Audit for slipped secrets with dedicated tools
+- Use environment variables for secrets in CI/CD (e.g. GitHub Secrets) and secret managers in production
+
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+Tell them where to go, how often they can expect to get an update on a reported vulnerability, what to expect if the vulnerability is accepted or declined, etc.
+
+You can ask for support by contacting security@opensource.thalesgroup.com
+
+## Disclosure policy
+
+Define the procedure for what a reporter who finds a security issue needs to do in order to fully disclose the problem safely, including who to contact and how.
+
+## Security Update policy
+
+Define how you intend to update users about new security vulnerabilities as they are found.
+
+## Security related configuration.
+
+Settings users should consider that would impact the security posture of deploying this project, such as HTTPS, authorization and many others.
+
+## Known security gaps & future enhancements.
+
+Security improvements you haven’t gotten to yet.
+Inform users those security controls aren’t in place, and perhaps suggest they contribute an implementation