We very rarely updated our switches unless there was some really annoying bug that we had to solve.
However, a recent insurance audit indicated that in fact the unpatched switches could be grounds for the insurance company not to pay out in the event of something unpleasant happening.
We now have a remit to keep all switches up-to-date :(
We have a mix of old Ciscos, Extremes, and some newer Arubas.
The Arubas should be easy right? Just deploy from Aruba Central and sip tea while they all update seamlessly... Wrong! A good chunk just refused to update, some updated and rolled back, some successfully updated and then disappeared from Aruba central - never to be seen again. We now have a priority call logged with Aruba asking for them to get us visibility back on the switches (they appear to be running fine though).
Haven't even looked at the Ciscos, and the Extremes only get mentioned in hushed whispers.
Would be interested to hear if any other techs have similar remits...