diff --git a/README.md b/README.md index 63b31af..cc94cae 100644 --- a/README.md +++ b/README.md @@ -1417,6 +1417,6 @@ If you want to use native `siemens-ix` html elements, you have to handle events ## 📝 License -Copyright © 2022 [Siemens AG](https://www.siemens.com/). +Copyright © 2024 [Siemens AG](https://www.siemens.com/). This project is MIT licensed. \ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md index 36d1564..890925f 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -1,9 +1,24 @@ - +Siemens takes the security of its code seriously. If you think you have found a security vulnerability, +please read the next sections and follow the instructions to report your finding. -# Reporting Security Issues +## Scope of this policy -If you believe you have found a security vulnerability in iX, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem. \ No newline at end of file +This is the default security policy for all repositories within the `siemens` organization on GitHub.com. + +It does not apply for reposities that have their own security policy. +It also does not apply for forks where you should follow the upstream policy instead. + +If you are unsure whether the policy applies feel free to reach out via the channels mentioned below and we'll be happy to help. + +## Reporting a Vulnerability + +Please DO NOT report any potential security vulnerability via a public channel (mailing list, GitHub issue, etc.). +Instead, [report the vulnerability privately via GitHub](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability) +(if enabled for the repository) or [contact us via email](mailto:opensource@siemens.com). + +Please provide a detailed description of the issue, the steps to reproduce it, the affected version(s) and, if already available, +a proposal for a fix. You should receive a response within 5 working days. If for some reason you do not, please follow up via email to ensure we received your original message. + +If we confirm the issue as a vulnerability, we will publish an advisory (e.g. on GitHub) and give credits for your report if desired. We follow the [coordinated vulnerability disclosure](https://vuls.cert.org/confluence/display/CVD) model and will define an appropriate disclosure timeline together with you. \ No newline at end of file
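Review bot: In the README.md hunk, replacing `2022` with `2024` in the copyright line drops the year of first publication; a range such as `Copyright © 2022-2024 [Siemens AG](https://www.siemens.com/)` keeps that information while still reflecting the update. Since this line is being touched anyway, it would also be a good moment to add the missing trailing newline that the `\ No newline at end of file` marker reports.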
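Review bot: In the SECURITY.md hunk, the "Scope of this policy" section has a typo, `reposities` should be `repositories`, and "does not apply for" reads better as "does not apply to" in both sentences. The rewrite also removes the only top-level heading (`# Reporting Security Issues`) so the file now opens with an untitled paragraph followed by `##` sections; keeping a `#` title (for example `# Security Policy`) would preserve a consistent heading hierarchy and gives GitHub's security tab a proper page title. Finally, the new file still ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while the whole file is being replaced.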