No they haven't
"The lessons have already been learnt on modern OSes."
No, they haven't. Supposing Windows is part of the "modern" OSes (and I'd happily argue against this, but given its spread, let's assume yes), they haven't learnt a thing, otherwise they'd have rewritten IE long ago, after designing a proper security layer, and no flaw or patch would ever exist, covering 6 major versions (http://www.theregister.co.uk/2014/04/27/oops_we_did_it_again_microsoft_warns_of_ie_zero_day/) for a period of 13 years now and counting.
Instead, they kept patching hole after hole, like drunken lemurs scooping water out of their sinking ship, forgetting to plug the big gaping hole first. Why is ActiveX still in W7, by the way?
"The mitigation techniques are out there and secure development lifecycles are well documented. IoT developers have access to the answers, if end users force them to use them."
Yes, the technology is here, but end users don't understand a thing, so can't force anything onto vendors. So they won't, and no-one else will, since only end-users have such an interest.
Furthermore, the NAT barrier is today artificially protecting most devices, as an encouragement for doing security wrong safely (from a vendor reputation standpoint). So this will add to the problem.
I personally think the whole thing will rapidly collapse under the impact of security flaws exploited by crooks, together with less than stellar added value, a bit like some electronic "solutions" in cars died under reliability issues for no added value (at least for the part of manufacturers that are still in the reliable car market; again, customers don't understand a thing, and a market for gadget cars still exists).
I liked this article (http://www.theregister.co.uk/2014/06/17/internet_of_things_fridge_fantasy/), which by the way managed to kill the idea without even digging into some of the difficult aspects (like lapsing dates of food, liability in case of bugs, etc.).