Especially when most commercial vendors use, package and help maintain said open source stuff. Ubiquiti for example is almost entirely prepack OSS. And pfSense is almost entirely a commercial operation now. Microsoft has their own Linux distro and SQL Server works on linux. The point being commercial vs. open source is a very blurry line. Thank god though that everyone seems to standardise around things like OpenSSL, Suricata and the important bits and contribute to them jointly for everyone's benefit: OSS and Commercial.
The reality of the matter is the support contract and SLA is definitely a required business model for companies, but increasingly it's a holistic solution on bigger bundles of items. Dell recently sold our gullible managers a VX Rail, but it's paid over 5 years with an iron clad support agreement inclusive of everything from hardware to VMWare patching and the related SonicWall appliance (yes, I had no say in the matter <sigh>).