My customer wants to see the results of our penetration test. Should I share the results with outside parties?