diff --git a/general/security/developer.md b/general/security/developer.md index 9dc0a17290d0db7540a43ec05fc08d1bd05a98d5..bbf2ff13265c39c4c2cef131cf9f11a1ba274f14 100644 --- a/general/security/developer.md +++ b/general/security/developer.md @@ -142,6 +142,18 @@ versions. It also helps to reduce the possibility of having unwanted side effect as the fix will be focused on the issue. Improvements can be done publicly after the security release is done. +#### Feature flags + +Security issues normally aren't implemented behind feature flags, even if the flag defaults to the secure +configuration. The reason for this is that we don't want to introduce any "make the GitLab instance vulnerable" +option in the product. + +There is one exception to the guideline above and it is for security fixes that change the original intended +design of a feature. If we had overseen a certain security aspect of a feature while designing it and we +introduce a breaking change to it as a fix, we can add a feature flag that defaults to the secure configuration. +The breaking change should be mentioned in the security release blog post with a note about how to change to the +old behavior and the consequences of doing so. The feature flag should be removed in the next major version. + ### Backports Because all security fixes go into [at least three monthly releases], three additional branches
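Review bot: In the second added paragraph, "If we had overseen a certain security aspect of a feature" uses "overseen" (supervised) where "overlooked" is meant, which inverts the sentence; suggest "If we overlooked a certain security aspect of a feature while designing it". In the first added paragraph, "Security issues normally aren't implemented behind feature flags" should read "Security fixes", since it is the fix that would sit behind a flag. The exception also leaves the removal step loose: "The feature flag should be removed in the next major version" does not say who tracks that removal, and because the Backports section that follows says fixes go into at least three monthly releases, it is worth stating which release "next major version" is counted from. Consider requiring a follow-up issue for the flag removal to be opened when the flag is added.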