Should I upgrade or patch Magento?
Magento updates need thorough testing and often adjustments in custom modules and themes. Patches on the other hand should be applied as fast as possible to close the (now public) vulnerabilities.
That's why my recommendation is to always apply patches immediatly, even if you plan to update early.
You may make an exception if your current version is just a "bugfix" release away from the latest version (like 1.9.1.0 vs. 1.9.1.1), but even "minor" updates, like from 1.9.1 to 1.9.2 often introduce big changes.
Let's say you built your shop in the best-practice way without changing any core classes or base template files definitely go for an upgrade. Patches are just there for urgent security issues, the upgrade will give you a lot more like code improvements and functionalities.
Next to that, upgrading minor versions rarely goes wrong, do that every new version and you'll always be up to date.
As always: make sure you have a backup and DON'T do this on a live environment. Set up a dev :)
This is an old question, but I'd like to clear some points, after reading previous answers. This is at least the developer point of view, a business manager won't have any doubt: just upgrade!
Of course, security patches are important for a live production site. But it's not as easy as it seems. In fact, I am pretty convinced a very high % of upgraded (or patched) sites are not really protected with the version / patches they've applied, unless they've done it carefully
Let's say you built your shop in the best-practice way without changing any core classes or base template files definitely go for an upgrade
Well... About app/code changes... When you develop extending Magento classes (the nice way) you are rewriting some methods, which can be (not usual, but they can perfectly be) totally changed in Magento new version, so your rewrite loose any sense
About app/design, it's the same, or even worse... As frontend templates usually have lot of changes from version to version (as it is supposed to be), so the templates you've customized in your theme folder (nice way, again) can use different block methods, etc...
So, I'd recommend a full upgrade only for a very basic Magento project, with just some simple customizations. Just type the command in shell, check a few things & smoke your victory cigarrette
I'd never recommend a full upgrade, unless you & your customer have decided to make a new version of the site, as it is 1,000 times easier (and faster) to re-develop all the custom features you had than explore every single code rewrite & every single template you've customized, to validate if your changes are compliant with Magento new code. The same applies for any extension you had installed
Applying security patches is not a fast task, it requires validating your customizations too, but (even the heavy patches) it is usually a better idea than upgrading the full Magento project, as the working hours for doing the job well done will be kindly lower