To release as Open Source for Audit or to Keep "in house"

For cryptography, it is considered good practice to release the code so others can audit it...is this also true for penetration testing software?