why is it that big time banks choose the shittiest, most expensive and buggy cms that have equally expensive talent rather than build custom ones based on open source tech (actual open source tech not half assed solutions put on git that no gives a hoot about) for less than half of the price?
I've been around for a couple of RFPs(1), and the company I work for had one for a CMS recently.<p>The way it works is:<p>1) Business has a crappy, very manual website/intranet/whatever.<p>2) Someone with the actual capability to do something (CIO, manager, whatever) decides this has to change.<p>3) Input is asked from people from the business and people that are nominally technical. Usually the people that actually know the requirements or are going to maintain the new system are not included.<p>4) Other people from security, audits, etc. chime in<p>5) Someone (business analyst or project manager) transforms the laundry list of requirements into an RFP.<p>6) Business approves the RFP. It is sent out.<p>There are companies out there that live on RFPs. If you're lucky, they'll use open source software, but they might re-package that into their own CMS.<p>Companies that have the CMS that ticks the most boxes in the laundry list have a leg up. It doesn't matter if it's shitty and buggy, it's VERY hard to write "non-buggy" in an RFP (if the company is wise, they'll have a trial period with competing products, but that costs $$$).<p>So, the company ends up with proposals in the hundreds of thousands of dollars for what could have been an in-house project (be warned, a mismanaged one can run in the hundreds of thousands too, even with open source CMSs).<p>A period of time later, company will select the CMS and will drop that info on the team that will actually implement and maintain the buggy piece of crap (or even a decent product, if you're lucky).<p>(1) <a href="https://en.wikipedia.org/wiki/Request_for_proposal" rel="nofollow">https://en.wikipedia.org/wiki/Request_for_proposal</a><p>See also:<p><a href="https://doubleyourfreelancing.com/3-things-freelancers-know-rfps/" rel="nofollow">https://doubleyourfreelancing.com/3-things-freelancers-know-...</a>
A lot of answers:<p><pre><code> - No one gets fired for buying IBM
- The issues around compliance/security/support are/should be sorted as part of the contract
- OS projects don't invite managers for lunch
- You need to factor in the price of support if you run OS projects. You will probably need few devs and sysadmins to run an enterprise-level solution
- Documentation/training/videos for end-users</code></pre>
All software have security flaws, in open source it is simply easier to find these, also quality of opensource varies alot.<p>Just take Drupal as an example, it is used ALOT, but isn't really pretty to look at codewise, also it has had its share of vulnerabilities, which are very easy to find, partly because all source code is readily available.