Let's not forget the tool vendors part in this...
One snag is the way that some tool vendors keep releasing significantly different toolset upgrades. Although I'm a fan of Microsoft's development tools/environments/languages etc., and most development shops can take these changes in their stride, organisations that do, or commission, a significant amount of internal development end up with problems. Not only is there the continual cost of training, but also the underlying framework on which a given application relies becomes often becomes obsolete in fairly short order.
Given that most organisations don't refactor their own apps EVER, but do try to keep abreast of new developments, they inevitably end up with a load of mis-matched, soon to be legacy, liabilities.
This breeds two evils. Firstly, even if the code doesn't have holes in it, the underlying frameworks in use probably will for the first couple of years and, more importantly, end users will start to use "work arounds" that may involve all sorts of spreadsheet and MS Access nastiness, to say nothing of things like exposing old databases that were designed for internal use to the Internet with huge attention to graphics but absolutely none to its basic suitability and security.
When I see these adverts promising "manageable code", "long term support", and all the other nonsense designed to tempt IT managers to part with their inadequate budgets, I say a small prayer that the ad's target market are a completely unreconstructed bunch of cynics who have to get wet before they'll believe it really is raining.
Windows carries a huge amount of bloat to ensure backwards compatibility, for perfectly sensible reasons - Couldn't tool vendors make a few more compromises here too?
Change isn't always good.