The unprecedented surge in Internet of Things (IoT) device deployment has brought forth significant security challenges, primarily arising from vulnerabilities within firmware that facilitate unauthorized access, data exfiltration, and network exploitation. This study undertakes a comprehensive static analysis of 1,520 IoT firmware samples using the Firmware Analysis and Comparison Tool (FACT) alongside metadata from the WikiDevi archive to systematically identify inherent security flaws. Among the key vulnerabilities discovered are improper handling of format strings (CWE-134, 10.07%), memory mismanagement issues (CWE-416, 10.06%; CWE-415, 10.03%), and the presence of exposed debugging interfaces (CWE-782, 10.07%). These results highlight enduring risks in critical domains such as healthcare and industrial IoT, often magnified by insecure coding practices and reliance on outdated software components. To address these systemic shortcomings, this study proposes the Risk Mitigation Modeling for IoT Development Lifecycle (RMMIDL), a secure-by-design framework that embeds proactive security measures throughout each phase of IoT development. RMMIDL offers a systematic and well-defined framework for addressing pervasive risks, enhancing the resilience of IoT ecosystems, and promoting the implementation of robust security measures. Furthermore, this study outlines prospective research directions, emphasizing the potential of integrating large language models (LLMs), broadening the scope of firmware datasets, and fostering industry-wide collaboration to drive advancements in IoT security