Today, important systems, relevant for the economy and for the proper operation of governments are more and more being controlled by Critical Infrastructures and Security Software. The increasing dependence on technologies increase the risks associated to these technologies. The development of secure software demands to identify and to assess the possible hazards that may affect software and cause him to fail. The current methods and methodologies are no guaranty for the proper development of this sector. The quality of software is strongly linked to its security and, at the same time, it is impossible to speak of security without a Management System for information security that links legal, physical, logical, and operational as well as process measures