Dr. Daniela S. Cruzes is a researcher scientist at SINTEF. Previously, she was adjunct associate professor at the Norwegian University of Science and Technology (NTNU). She worked as a researcher fellow at the University of Maryland and Fraunhofer Center for Experimental Software Engineering-Maryland. Dr. Daniela Cruzes received her PhD in experimental software engineering from the University of Campinas - UNICAMP in Brazil in 2007. Her research interests are empirical software engineering, research methods and theory development,  synthesis of SE studies, software security, software testing and agile and DevOps.

ABSTRACT

When studying work practices, it is important to obtain accurate and reliable information about how work is actually done.  Action research is an interactive inquiry process that balances problem solving actions implemented in a collaborative context with data-driven collaborative analysis or research to understand underlying causes enabling future predictions about personal and organizational change. Our research team has been engaged in action research in software organizations in Norway for two years. In this paper we describe some of the challenges in performing canonical action research in software security. We have structured the discussion of the challenges based on the principles of canonical action research, and we draw some lessons learned and future work towards improving the adoption of action research in software security research.