The moment that a major security bug is discovered in your app, you will need to upgrade it. It's not as simple as just saying that you can still run the old version. That's just one issue of many. There are many, many more hidden costs than you're giving free software credit for.
Of course... if it's outside facing... internal stuff can be delayed (and often is).... but again, that's why you pay admins for. Usually feature updates (api changes) and security updates are kept separate (unless you waited with the feature update, until there was a security issue).... but again, the thing is still yours.
it's like a taxi vs a free car + free parts, and all you need is gas and time to do service.
Yes, that's the exact point I'm making. You have to pay someone to manage something like this. The point (edit: okay, not the point) of this sort of software is to try to minimize those costs, but at the end of the day you still have to pay for them, and often even more.
You still need an admin, even if you use SaaS... someone has to make the SaaS work... this just adds an aditional update every now and then to their workload.
