diff --git a/docs/usage/security-and-permissions.md b/docs/usage/security-and-permissions.md
index 17564cad2a2712c9ebd80526dd2c97cb6ad2accc..881afd71bcbadc4f72a009ff12fdfb1b9095162b 100644
--- a/docs/usage/security-and-permissions.md
+++ b/docs/usage/security-and-permissions.md
@@ -1,6 +1,32 @@
 # Security and Permissions
 
-## Global Permissions
+This page talks about our security stance, and explains what permissions are needed for the different ways you can run Renovate.
+
+## Security Stance
+
+Renovate is open source software, and comes with no guarantees or warranties of any kind.
+That said, we will try to fix security problems in a reasonable timeframe if possible.
+
+### No certifications
+
+Renovate the Open Source project does **not** have ISO 27001 or SOC2 certifications.
+WhiteSource the company, which maintains Renovate and operates the hosted Renovate App for GitHub, does have ISO 27001 and SOC2 certifications.
+
+### Security / Disclosure
+
+If you find any bug with Renovate that may be a security problem, then e-mail us at: [renovate-disclosure@whitesourcesoftware.com](mailto:renovate-disclosure@whitesourcesoftware.com).
+This way we can evaluate the bug and hopefully fix it before it gets abused.
+Please give us enough time to investigate the bug before you report it anywhere else.
+
+Please do not create GitHub issues for security-related doubts or problems.
+
+## Permissions
+
+We apply the Principle of Least Privilege (PoLP) but do need substantial privileges in order for our apps to work.
+
+### Global Permissions
+
+These permissions are always needed to run the respective app.
 
 | Permission        | Renovate hosted app |  Forking Renovate  | Why                                                           |
 | ----------------- | :-----------------: | :----------------: | ------------------------------------------------------------- |
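Review bot: the disclosure guidance in this hunk ("Please give us enough time to investigate the bug before you report it anywhere else.") names no acknowledgement target or coordinated-disclosure window, so a reporter cannot tell what "enough time" means; suggest stating a response time and a disclosure period (or linking to a SECURITY.md that does) next to the renovate-disclosure@whitesourcesoftware.com address. Two smaller wording points: "We apply the Principle of Least Privilege (PoLP) but do need substantial privileges" reads as self-contradictory and would be clearer as "We apply the Principle of Least Privilege (PoLP), but the scopes below are the minimum the apps need to function", and "security-related doubts or problems" would read better as "suspected security problems", consistent with the preceding paragraph.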
@@ -14,11 +40,11 @@
 | Pull Requests     | `read` and `write`  | `read` and `write` | Create update PRs                                             |
 | Workflows         | `read` and `write`  |   not applicable   | Explicit permission needed in order to update workflows       |
 
-## User permissions
+### User permissions
 
 Renovate can also request users's permission to the following resources.
 These permissions will be requested and authorized on an individual-user basis.
 
 | Permission | Renovate hosted app | Forking Renovate | Why                                                      |
 | ---------- | :-----------------: | :--------------: | -------------------------------------------------------- |
-| email      |       `read`        |       N/A        | Per-user consent requested if logging into App dashboard |
+| email      |       `read`        |  not applicable  | Per-user consent requested if logging into App dashboard |
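Review bot: the unchanged context line "Renovate can also request users's permission to the following resources." carries a typo ("users's" should be "users'"); since this hunk already rewrites the heading two lines above and the N/A cell below it, it is cheap to fix here rather than in a follow-up. Also consider adding a sentence under the table saying what happens when a user declines the `email` scope, since the "Why" column only covers the consent case.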