Why organizations buy software from commercial companies

April 20, 2007

One of the things that you hear over and over again is that organizations, including universities, often prefer to buy commercial software instead of using open source (or building something themselves). Often the ostensible reason is that when you buy from a company, there is a legal entity that will provide support, or be held accountable when something doesn't work, or the like, and open source doesn't have that.

System administrators often find this laughable, peculiar, and idiotic, and cannot understand why the bureaucracy would be taken in by this sort of sales job. We've read the 'warranties' on your typical piece of commercial software and can recite how open source actually provides better quality and support at the drop of a hat.

(The specific situation where this came up here was in a discussion of disk encryption solutions for laptops. There is a strong argument that open source systems are intrinsically better than the commercial ones, yet the university is mostly or entirely looking at commercial products.)

Many years ago at a Usenix conference, I heard Dan Greer speak about computer security in Wall Street firms. One of the things he said then has stuck with me ever since: he had come to understand that the purpose of computer security measures at Wall Street firms wasn't to keep things secure, it was to keep the firm's name from ever appearing above the fold on the front page of the Wall Street Journal.

Organizations buy commercial solutions for much the same reason. Provided that they did due diligence, it is not their fault if something goes wrong. Even if the product turns out to be intrinsically flawed, well, the vendor lied to them and it's not their fault.

(I suspect that the warranties do not protect vendors who lie in a typical RFP process from legal action, because I expect that part of the resulting contract between the vendor and the university is an assertion from the vendor that their proposal satisfies the RFP requirements.)

System administrators generally find this attitude extremely irritating, because our drive is to actually solve the problem. My personal opinion is that it does us good to remember that our priorities are not necessarily the organization's priorities.

Comments on this page:

From at 2007-04-21 01:50:13:

You are confusing commercial and proprietary. I'm no RMS, but in this case it seems a big eggregious. -- Pete

By cks at 2007-04-21 08:15:23:

From the perspective of organizations I think it is commercial that is important, not proprietary (although I suspect that it is important that the company be seen as providing the thing, not just support for it).

From the perspective of the (perceived) disadvantages, yes, you're absolutely right: those disadvantages are mostly those of proprietary products, not commercial products, since there are a few commercial open source products. Commercial open source still has some disadvantages; for example, in practice you can't modify them except in emergencies, because allowing modifications generally negates the advantage to the organization of going commercial.

(And sometimes you basically can't modify them at all, because modifying them negates your support rights for something else that you're running on top of them.)

It's interesting that several non-commercial open source products have become completely acceptable to organizations. No one blinks at using Apache, for example, to the point where there are no commercial competitors on Unix.

From at 2007-04-21 10:52:46:

You wrote:

"My personal opinion is that it does us good to remember that our priorities are not necessarily the organization's priorities."

This is an amazingly important point. It's one that most nerds -- and I include myself in that group -- never fully grok. It's actually why I got away from working directly for a chemical company and went into consulting. Honestly I'd prefer never again to work directly for a company whose primary business isn't software or IT consulting. The cognitive dissonance of being unable to do the OBVIOUS BEST GOOD RIGHT thing -- because of reasons having nothing to do with solving the actual problem -- can be just overwhelming.

-- jhkiley

By cks at 2007-04-25 13:18:33:

System administrators have a natural advantage here, because we're just glorified computer janitors and no one arranges their office furniture for the janitor's convenience. Even apart from the philosophical bits, any experienced sysadmin is used to being handed a system and told 'make this go', when the system is nothing like what we'd have designed ourselves, so we generally get a very direct exposure to the issue.

(There are various coping mechanisms that sysadmins use to deal with this, many of which do not help our reputation.)

Written on 20 April 2007.
« A thought about attitudes towards support requests
Weekly spam summary on April 21st, 2007 »

Page tools: View Source, View Normal, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Fri Apr 20 21:14:27 2007
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.