A lot of organizations are interested in open source software, but fail to give it a fair chance compared to proprietary solutions. One reason for this is that the typical invitation to tender process puts open source at a disadvantage. Open source, as it happens, is made in a different ecosystem.

The software acquisition process often focuses on licenses, and this is where the first mistakes are made. Recently a (Dutch) municipality burned its fingers because they asked directly for Microsoft licenses in an invitation to tender. It is also common that organizations ask for experience with licenses that represent a certain turnover. But how many vendors have ever earned money on licenses of open source? None. So who has the money to respond to such invitations to tender? Nobody!

Beyond licenses, an organization wants software support because this guarantees the continued useful deployment of this software. For proprietary software it is necessary that their vendors provide long term support, because no one else provides the software. The management of this risk demands that you ask the relevant vendor for guarantees. Even then, this is not always sufficient. For example, organizations that still run on Siebel or IBM OS/2 still have a problem.

Open source does not have such vendors (yet), and demanding long term support will then put open source at a disadvantage and actually tries to solve a problem that does not exist. If you want to change support vendors for open source software somewhere during the software lifecycle you just do it. Mature risk management of open source will lead to more important questions. For example: is there a good and functioning community of supporters, and will it continue to be so in the future? We then find that there are large differences between the various Linux distributions, for example, with regards to the size of reference implementations and the speed with which security issues are patched. Different ecosystems, different risks, they ask for different risk control measures.