diff --git a/docs/security-events.md b/docs/security-events.md
new file mode 100644
index 000000000..28e95db70
--- /dev/null
+++ b/docs/security-events.md
@@ -0,0 +1,13 @@
+# Moby Security Events
+
+The incomplete list below is an assessment of some CVEs, and Moby's resilience
+(or not) to them.
+
+### Bugs mitigated:
+
+* [CVE-2017-2636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2636)
+  ([exploit post](https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html)):
+  This CVE requires `CONFIG_N_HDLC={y|m}`, which Moby does not specify, and so
+  is not vulnerable.
+
+### Bugs not mitigated: