I was involved with obtaining a previous version of the same certificate when I was at Windows Azure. There were several safeguards in place to stop exactly this scenario from happening. I'm wondering how they broke down.
Dev churn, probably. Could you expand a bit on the sort of safeguards that were in place? A couple of comments here mentioned Trello, build scripts or just plain post-its, it'd be interesting to know how bigcorps do it...
The most basic one was that really large sets of people would get emailed a long time before expiry by the central crypto/cert management system. Microsoft has a very streamlined system internally for obtaining/managing certs since they do so much of it.
Admiral Hyman Rickover (the "Father of the nuclear Navy") had as one of his basic principles that "if you can't point your finger at the person responsible for something, then no one is responsible for it".