Slashdot Mirror


PGP vs GnuPG in Big Business?

CygnusTM asks: "I work for a Fortune 50 company, and we need to expand our PGP installation. We have a quote from Network Associates, but I'd really like to convince the higher-ups that GnuPG is the way to go. The traditional resistance to open source is that there is no one to call when there is a problem, but I also sense there is a little "You get what you pay for" in there, also. How do I get them past this? With enough ammo, maybe I can open the door for other open source software." What are the real advantages and disadvantages of deploying GnuPG over PGP in a corporate environment?

  1. Actually, they're right by fm6 · Score: 3, Insightful
    You do get what you pay for. But if "what you pay for" is somebody to call when things get broken, open-source versus proprietary is neither here nor there. What's important is whether the people you call are worth the money you're paying them. The people who wrote the software aren't always the best at supporting it. That was true even when Open Source wasn't an option.

    And if you insist on paying somebody money for proprietary security software, you're paying them to keep private information that you need to have public. I'm not an open-source true believer, but you can't get around the fact that the security of open-source products is objectively verifiable. With a proprietary product, you have to take the word of the vendor that it's secure. That's bad in and of itself -- and bad again when you recall that the vendor has every incentive to conceal his product's flaws.