diff --git a/content/docs/operating/security.md b/content/docs/operating/security.md
index b76af89c6efd8b70445c58607d0cd7ec1262b92c..06d110bc27a55d0620ef01123e1f99f9b1fc196c 100644
--- a/content/docs/operating/security.md
+++ b/content/docs/operating/security.md
@@ -161,3 +161,9 @@ members of the Prometheus development team and the staff of those providers
 have access. If you are concerned about the exact provenance of your binaries,
 it is recommended to build them yourself rather than relying on the
 pre-built binaries provided by the project.
+
+## External audits
+
+CNCF sponsored an external security audit by cure53 which ran from April 2018
+to June 2018. You can find the final report of the audit
+[here](assets/downloads/2018-06-11--cure53_security_audit.pdf).
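Review bot: The link target on the last added line is `assets/downloads/2018-06-11--cure53_security_audit.pdf`, but this same patch adds the file under `static/downloads/`. The link is also relative, so it resolves against the URL of the page under `docs/operating/`. Please confirm the site build publishes `static/` as `assets/`. If it does, a root-relative link such as `/assets/downloads/2018-06-11--cure53_security_audit.pdf` would not depend on where the page is served from. Two smaller points: the link text "here" says nothing about the target, so something like "final audit report (PDF)" would read better, and the auditor's name is usually written "Cure53".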
diff --git a/static/downloads/2018-06-11--cure53_security_audit.pdf b/static/downloads/2018-06-11--cure53_security_audit.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..1d9e1834b63130ecfb92c3a9e86246be94fbda58
Binary files /dev/null and b/static/downloads/2018-06-11--cure53_security_audit.pdf differ
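Review bot: The PDF is added as an opaque binary, so nothing in this diff lets a reviewer confirm it is the final report that the new "External audits" section refers to. Please state in the commit message where the file was obtained. Consider publishing a checksum next to the link as well, since the paragraph just above the new section already advises readers who care about the provenance of binaries.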