there is no hard and fast rule as to what level of patching should be done – it is variable depending upon each situation. You want to be sure you have any and all security updates, while not just adding random updates that are supposed to fix a problem that you do not have. There is always the chance that any patch can cause problems with your install or apps in addition to fixing the problem they are documented to fix!
Personally, to get a good balance of stability (not having a new version every other week) and protection/functionality, I have chosen to upgrade my servers with each hotfix *rollup* release, rather than with each individual update released by Microsoft. You can get a current release list here:
Of course, you want to test any update on a non-critical server (preferably Dev/Test) first, before updating a critical Production server.
DT2115 | Apr 25 2008 1:28PM GMT
Wow – I just re-read this question and see that I completely missed the point. Yes, you do need to rerun any security updates after installing a new named instance, even if the default instance previously installed was already upgraded to SP2. When you launch SP2, it will review all installed SQL instances and tell you which ones (and which components) the upgrade will apply to.