I would pitch it to them, not on the explanation I’ve had, but to say, "Look. Look at OpenSSL and your Heartbleed bug. That caused vulnerabilities for you. It’s not that it’s more vulnerable than closedware software, but what was missing was you weren’t paying a regular license fee every year to make sure it gets quickly patched."