I learnt recently of the incredible power procurement officers in government have over purchases, even over purchases well outside their area of expertise. In many ways it explained the slow movement of the public sector towards open source, despite all open source software’s obvious benefits for and alignment with the public sector. It also helps to explain the incredible amount of money that has been wasted by the public sector in IT projects.
In particular I think the risk models for software are different and purchasing officers need to be aware of those differences; contrary to other acquisitions they would have experience of, software acquisition risk is not reduced in line with the financial strength of the software’s supplier or manufacturer, but with its openness.
The more open a piece of software, the lower the risk. This is not just about whether or not the source is open; it includes other measures, for example the openness of the development tools, frameworks and libraries utilised in making the software, the degree to which the documentation is open, whether or not the software conforms to relevant open standards and the degree to which the deployment is open.
So the lowest possible risk is a piece of software whose source is open, whose development tools, frameworks and libraries are open, whose documentation is open, which utilises open standards and has no restrictions on deployment numbers.
The highest risk comes with software whose source is closed (cannot be modified, supported or fixed by others), which is based on closed development tools, frameworks and libraries (so your choice of where and how to deploy the software is controlled by others), whose documentation is closed (and thus you cannot choose to correct it and/or tailor it to your needs), which does not utilise open standards (thus making it incredibly hard to move away from and limiting what other applications you use with it) and which restricts the deployment (how many machines/users can utilise it is something you have to manage or risk prosecution).
Once you understand the model of risk with software, it is easy to see that the traditional model being applied tended to result in very closed software being selected, as it is exactly those attributes being closed that tend to result in high prices for the software and support being chargeable. It also makes for a simple explanation of all that public sector expenditure…