Why organizations buy software from commercial companies

April 20, 2007

One of the things that you hear over and over again is that organizations, including universities, often prefer to buy commercial software instead of using open source (or building something themselves). Often the ostensible reason is that when you buy from a company, there is a legal entity that will provide support, or be held accountable when something doesn't work, or the like, and open source doesn't have that.

System administrators often find this laughable, peculiar, and idiotic, and cannot understand why the bureaucracy would be taken in by this sort of sales job. We've read the 'warranties' on your typical piece of commercial software and can recite, at the drop of a hat, how open source actually provides better quality and support.

(The specific situation where this came up here was in a discussion of disk encryption solutions for laptops. There is a strong argument that open source systems are intrinsically better than the commercial ones, yet the university is mostly or entirely looking at commercial products.)

Many years ago at a Usenix conference, I heard Dan Geer speak about computer security in Wall Street firms. One of the things he said then has stuck with me ever since: he had come to understand that the purpose of computer security measures at Wall Street firms wasn't to keep things secure; it was to keep the firm's name from ever appearing above the fold on the front page of the Wall Street Journal.

Organizations buy commercial solutions for much the same reason. Provided that they did due diligence, it is not their fault if something goes wrong. Even if the product turns out to be intrinsically flawed, well, the vendor lied to them and it's not their fault.

(I suspect that the warranties do not protect vendors who lie in a typical RFP process from legal action, because I expect that part of the resulting contract between the vendor and the university is an assertion from the vendor that their proposal satisfies the RFP requirements.)

System administrators generally find this attitude extremely irritating, because our drive is to actually solve the problem. My personal opinion is that it does us good to remember that our priorities are not necessarily the organization's priorities.


Last modified: Fri Apr 20 21:14:27 2007