diff --git a/README.md b/README.md
index 8d639e0..2237019 100644
--- a/README.md
+++ b/README.md
@@ -146,8 +146,8 @@ TODO_ALLOW_FILE_ATTACHMENTS = True
 TODO_ALLOWED_FILE_ATTACHMENTS = [".jpg", ".gif", ".csv", ".pdf", ".zip"]
 TODO_MAXIMUM_ATTACHMENT_SIZE = 5000000  # In bytes
 
-# additionnal classes the comment body should hold
-# adding "text-monospace" makes comment monospace
+# Additional classes the comment body should hold.
+# Adding "text-monospace" makes comment monospace
 TODO_COMMENT_CLASSES = []
 
 # The following two settings are relevant only if you want todo to track a support mailbox -
@@ -301,6 +301,8 @@ django-todo uses pytest exclusively for testing. The best way to run the suite i
 
 ## Version History
 
+**2.4.11** Add SECURITY.md
+
 **2.4.10** It is now possible to use unicode characters (such as Chinese) as the only chars in a list title.
 
 **2.4.9** Fixed: Editing a task should not change its completed/incomplete status
@@ -401,7 +403,7 @@ That was the plan, but unfortunately, `makemigrations` created new tables and dr
 
 ### Datepicker
 
-django-todo no longer references a jQuery datepicker, but defaults to native html5 browser datepicker (not supported by Safari, unforunately). Feel free to implement one of your choosing.
+django-todo no longer references a jQuery datepicker, but defaults to native html5 browser datepicker. Feel free to implement one of your choosing.
 
 ### URLs
 
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..300fb75
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,3 @@
+# Security
+
+If you find what you believe is a security issue with django-todo, please send a detailed report to django_todo_security_1213@birdhouse.org before publicizing. We thank you for your discretion.