[PT2.2: 23] Provide penetration testers with all available information.
Penetration testers, whether internal or external, use all available information about their target. Penetration testers can do deeper analysis and find more interesting problems when they have source code, design documents, architecture analysis results, and code review results. Give penetration testers everything you have created throughout the SSDL and ensure they use it. If your penetration tester doesn’t ask for the code, you need a new penetration tester.