[jussij]

What are the 'consequences of getting this wrong'? Surely if a company has 'y' users all wanting to use a software product that company purchases y+1 licenses just to make sure they are covered. The problem is a company wanting 'y' licenses more often than not want a y where the y is 1 and they're not looking to engage the thought of making a y+1 purchase. However, they still want to be invoiced for the purchase and have their payment come 30 days later, which will require many additional hours chasing that late payment that comes 45 days later. Yet somehow, they don't understand every scammer uses the exact same approach, but of course the scammer never bothers with the pretense of offering to actually pay any late bills, so in fact scammers cost the software provide less in the way of lost time.

[MandieD]

If your company can credibly show that we knew that there were instances of your product running on several hundred of our PCs, but we can't prove that we were paying for the licenses, you can sue us for a lot more than those licenses would have cost, depending on where you're located and where we have official presence. You might not win, but you're still going to cost us a lot of money and time. Relying on tens of thousands of users to potentially manage their own licenses for thousands of products would be an absolute nightmare.

But why do we know what users have installed on the PCs assigned to them, aside from the licensing? When your product has a security hole (and unless your product never, ever talks to the Internet or other devices, it will someday), we need to know exactly who has it so that we can force them to patch. Again, tens of thousands of users with potentially thousands of products that need to have security issues tracked. Nightmare.

So if your custom software house** doesn't want to sell us your product in a way and provide management mechanisms that we feel comfortable with, then we'll find one of the many that does, or is happy to work with our preferred resellers. Or we will help departments redesign their processes to not need it.

Corporate IT cares deeply about what managers want, as they pay the bills. If they want your product for their subordinates, we will work to make that happen in a way that keeps our legal department and IT security management happy. Corporate IT cares deeply about users being able to use the products and services their managers are paying for. Corporate IT does not give a fig what individual users want, if they can't get their managers to pay for the cost of us dealing with that new product.

Negotiating license agreements and tracking usage, as I said before, is a full time job for several people. I am fortunately not one of them, but I've worked with them when supporting products within the company. Large companies do not employ these folks out of charity.

Corporate IT and corporate life is certainly not for everyone. Corporate IT doesn't work this way because we're humorless prigs; it works this way because there are billions in sensitive data and intricate production processes to protect, and tens of thousands of well-meaning folks who are competent in things other than infosec potentially providing network access to people who are not well-meaning.

If you want that sweet sweet corporate cash, figure out how to accommodate their purchase and IT management processes. Software resellers may be a good compromise. If you don't want to deal with corporate purchasing, don't be upset when a lot of your potential users end up with someone else's product.

** Anything smaller and more niche than SAP may as well be a "custom software house".

[MandieD]

Too late to add this edit: now that I've thought about it for a bit, I think that many of our software purchases are via software resellers. One of the main reasons is that getting a new vendor approved by Accounting for payments is a slow, painful (to us) process that involves Legal (contracts!). As I'm neither an accountant nor a lawyer, I'm willing to accept that they have good reasons for their processes (preventing me from easily funneling money to a relative, for example) and just see it as another fact of corporate life instead of railing against it. In return, they do us the courtesy of accepting that they can't just install whatever they like on their PCs.

Legal is often still involved when it comes to new software products, because, among other things, there's GDPR. Oh, and Works Council.

My main point remains unchanged: relying on tens of thousands of end users to manage their licenses is something that large enterprises just can't do, so we end up with rules that seem draconian, and you, the hopeful seller of software/services to be used in corporate environments, will benefit from understanding how we work, even if you think it's stupid.