I'd suspect that there's plenty of common ground with the CERT set - good practices are good practices.
What I don't see in this discussion is an honest criticism of the SDL practices being published.
I have directly observed (from my position as a corporate developer that works somewhat closely with Microsoft) that Microsoft's focus on security since 2003 is sincere and pervasive. They take security seriously.
While I'm no friend of ActiveX, the bleating demands that they scrap the .NET framework (or they're not serious about security) are laughable.
Publishing their internal secure development lifecycle process for all to see is an example of the transparency that is so often trumpeted as a feature of open source development. If you can find flaws in the SDL, I suspect that they'd be happy to discuss it with you. (They've been quite open with our company about their SDL for the past 3 years.)
Having a good process doesn't guarantee perfect results - and I don't think Microsoft is promising perfect results. No sane software development group would. I think this demonstrates an ongoing commitment to security - one that started years ago.
Simply pointing and laughing does not reflect well upon you. Criticize the Microsoft SDL - it's out there, with OSS-style transparency. Start a serious discussion - and offer up improvements, if you can.