But having a competent, conscientious pre-test might avoid the downsides of failing the real thing. I can't guess if that's a consideration here; far less, whether it should be, but, IMO, it deserves consideration.
Re^2: Pre-pen testing code review
Replies are listed 'Best First'.
No, honestly, I would let the software fail the pen-test if it is going to. If the pen-tester is competent, this will yield far more results than you ever expected to see, and only then will you be in the proper position to evaluate them all and to create an appropriate remediation plan.
The way that I encourage clients to look at this sort of thing is ... “Look, those defects are out there. The most important thing is to discover them, not to bemoan the fact that they exist. In any and in every piece of software, they do exist.” There is no room for ‘politics’ here, nor for pride. Discover them, fix them, prove they’re gone and that they stay gone.”