How are you tracking the IOS status in your network? It isn't an easy task, even for veteran network engineers (as posted by others before here). With all the bugs, security issues and what not, one can easily get confused.
When I found myself in the situation of deciding if it's time to upgrade or not - and what are the potential issues (open bugs) I'm letting in if I don't upgrade - I decided to revert to an old friend and logged on to Cisco Works Lan Management Solutions.
Browsing through the menus of Resource Manager Essentials (RME), I went into reporting and found what I was looking for. Under the inventory category there was a report called PSIRT Summary report. This one is checking your running version against the Product Security Incident Response Team (PSIRT) data base and tells you what issues are known in the version you are running.
Cisco maintains a site and has RSS feeds, but if you want to know what is the situation without doing in-depth research, this report is your friend.
It takes a CCO account, then you just select which devices to run it against and once the job gets done, you get a report that specifies what are the issues by bug and by device.
Here is a low resolution sample of the output:
By the way, another good report which can help in tracking End of Life, End of Support status is also available under the same category and it's sample output looks like:
Those two reports are new to LMS 3.0, so if you use an older version it's not there.
I always considered Cisco Works a useful tool. It's not easy or intuitive and getting your inventory to it can be challenging (heck, getting it installed is challenging), but still it's a time saver in some of the day-to-day tasks related to operating a Cisco-based network.