Obviously, there is not one correct answer to this, but here are my thoughts on it:
It is an advantages for an attacker to have the source code. Black-Box testing/attacking is - for obvious reasons - harder. Knowing how things work exactly is always better than guessing how they might work. Also, tools that search the source for possible vulnerabilities, well they require the source ;)
But releasing the source also has advantages (at least in theory). More people will read the source code and bugs relevant to the security of the program will surface faster.
This is obviously only an advantages under two conditions:
1. People actually DO read the source code and report issues.
2. The developers fix the issues in a timely manner.
Both points are somewhat controversial. People behind the open source idea often suggest that point 1. happens a lot (which I am not that sure of) and practice shows that point 2. is not followed by many developers (however, if the vulnerability was published openly, any user is at least aware of it and can act accordingly).
So to summaries, it is definitely an advantage for an attacker to have the source code, but the more people review the source, the more bugs are hopefully fixed.