Start better documenting our security procedure
diff --git a/docs/contributing.rst b/docs/contributing.rst
index b125d1a..dc8ce45 100644
--- a/docs/contributing.rst
+++ b/docs/contributing.rst
@@ -32,11 +32,8 @@
The purpose of these policies is to minimize the chances we merge a change
which jeopardizes our users' security.
-We do not yet have a formal security contact. To report security issues in
-``cryptography`` you should email ``alex.gaynor@gmail.com``, messages may be
-encrypted with PGP to key fingerprint
-``E27D 4AA0 1651 72CB C5D2 AF2B 125F 5C67 DFE9 4084`` (this public key is
-available from most commonly-used keyservers).
+If you believe you've identified a security issue in ``cryptography``, please
+follow the directions on the :doc:`security page </security>`.
Code
----
diff --git a/docs/index.rst b/docs/index.rst
index 5cc455f..a868a5d 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -34,4 +34,5 @@
primitives/index
bindings/index
contributing
+ security
community
diff --git a/docs/security.rst b/docs/security.rst
new file mode 100644
index 0000000..36c8e0f
--- /dev/null
+++ b/docs/security.rst
@@ -0,0 +1,12 @@
+Security
+========
+
+We take the security of ``cryptography`` seriously. If you believe you've
+identified a security issue in it, please report it to
+``alex.gaynor@gmail.com``. Message may be encrypted with PGP using key
+fingerprint ``E27D 4AA0 1651 72CB C5D2 AF2B 125F 5C67 DFE9 4084`` (this public
+key is available from most commonly-used keyservers).
+
+Once you’ve submitted an issue via email, you should receive an acknowledgment
+within 48 hours, and depending on the action to be taken, you may receive
+further followup emails.