diff --git a/README.rst b/README.rst index b7f4ba9a..d3e4ba0f 100644 --- a/README.rst +++ b/README.rst @@ -173,6 +173,7 @@ Usage:: B320 xml_bad_etree B321 ftplib B322 input + B323 unverified_context B401 import_telnetlib B402 import_ftplib B403 import_pickle diff --git a/bandit/blacklists/calls.py b/bandit/blacklists/calls.py index 47858ca3..075bdce1 100644 --- a/bandit/blacklists/calls.py +++ b/bandit/blacklists/calls.py @@ -278,6 +278,20 @@ is safe in Python 3. | B322 | input | - input | High | +------+---------------------+------------------------------------+-----------+ +B323: unverified_context +------------------------ + +By default, Python will create a secure, verified ssl context for use in such +classes as HTTPSConnection. However, it still allows using an insecure +context via the _create_unverified_context that reverts to the previous +behavior that does not validate certificates or perform hostname checks. + ++------+---------------------+------------------------------------+-----------+ +| ID | Name | Calls | Severity | ++======+=====================+====================================+===========+ +| B322 | unverified_context | - ssl._create_unverified_context | Medium | ++------+---------------------+------------------------------------+-----------+ + """ from bandit.blacklists import utils @@ -509,4 +523,13 @@ def gen_blacklist(): 'HIGH' )) + sets.append(utils.build_conf_dict( + 'unverified_context', 'B323', ['ssl._create_unverified_context'], + 'By default, Python will create a secure, verified ssl context for ' + 'use in such classes as HTTPSConnection. However, it still allows ' + 'using an insecure context via the _create_unverified_context that ' + 'reverts to the previous behavior that does not validate certificates ' + 'or perform hostname checks.' + )) + return {'Call': sets} diff --git a/examples/unverified_context.py b/examples/unverified_context.py new file mode 100644 index 00000000..0f454395 --- /dev/null 
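Review bot: The ID cell of the new table row in the module docstring reads `| B322 | unverified_context |` while the section heading, the README entry and the gen_blacklist registration all use B323; the row should be `| B323 | unverified_context  | - ssl._create_unverified_context   | Medium    |`. This docstring is what the rendered plugin reference is generated from, so the duplicated B322 would mislabel the finding users look up. It would also help to say in the prose that the verify-by-default behaviour only exists on interpreters that ship PEP 476 (2.7.9 / 3.4.3 and later), since on older ones nothing is verified regardless of this call — hedged, as the hunk does not state which versions bandit targets.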
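Review bot: The new entry only fires on call sites of `ssl._create_unverified_context`, so the most common way this function is actually used to disable verification globally — the attribute assignment `ssl._create_default_https_context = ssl._create_unverified_context`, which never calls it — will not be reported by a Call-node blacklist; the description string should say the check covers direct calls only, or a separate Assign-based check should follow. Severity MEDIUM also looks inconsistent with B501 (request_with_no_cert_validation), which, if I recall correctly, rates the equivalent `verify=False` as HIGH, and skipping certificate and hostname validation is the same full MITM exposure either way. If the severity is raised, the expected counts in the functional test must change with it. gen_blacklist's body starts outside the hunk.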
+++ b/examples/unverified_context.py
@@ -0,0 +1,7 @@
+import ssl
+
+# Correct
+context = ssl.create_default_context()
+
+# Incorrect: unverified context
+context = ssl._create_unverified_context()
diff --git a/tests/functional/test_functional.py b/tests/functional/test_functional.py
index 5667001d..45224817 100644
--- a/tests/functional/test_functional.py
+++ b/tests/functional/test_functional.py
@@ -689,3 +689,11 @@ class FunctionalTests(testtools.TestCase):
             'CONFIDENCE': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 1}
         }
         self.check_example('input.py', expect)
+
+    def test_unverified_context(self):
+        '''Test for `ssl._create_unverified_context`.'''
+        expect = {
+            'SEVERITY': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 1, 'HIGH': 0},
+            'CONFIDENCE': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 1}
+        }
+        self.check_example('unverified_context.py', expect)