Challenges and Approaches of Performing Canonical Action Research in Software Security