Based on my experience, I'm working for one of the big multi-nationals for years.
Bugs fixed quicker in commercial software, are you kidding me?
It's not only that most of the times you have to find workarounds/fixes yourself, it's that since it's commercial and not OSS code, what you'll likely face won't even be decompiled code, it will be bloody OBFUSCATED decompiled code with things like a.b.c.d1() all over the place!!!
At least for the corp I work for (and I'm pretty sure for most corporations out there) the main reasons for go for commercial over OSS is: LEGAL.
Some motherfucker patents "using (some ancient thingy that everyone on the planet uses) to quickly iterate over tree)" and kaboom, with OSS (no protection whatsoever) you need to pay either them directly or lawyers to fend them off.
With commercial software that's seller's problem.
As easy as that.
There are, of course, libs that are too widely used and would seriously harm IT projects if not used, e.g. apache commons libs. Well, for that there is short whitelist of items that "have been reviewed" along with "mitigation strategies".
Every manager is aware of this, so when you have a choice over "ShareIt" or "ShareThis", one is free, one is not, decision is made instantly, "of course we want the non-free one".