Case Study: Mercado Libre achieves secure, scalable software delivery and 98% XSS reduction with HackerOne

Hacker-powered security helps mercado libre scale and deliver

Mercado Libre, Latin America’s largest eCommerce and payments ecosystem, faced the challenge of scaling fast while keeping a sprawling, compliance-bound platform secure. With rapid growth, a large attack surface and the need to ship software quickly, their existing penetration testing and automated scanning checkpoints weren’t enough to catch complex, business‑logic and novel attack vectors across the SDLC.

They launched private HackerOne programs (bounty, Response and Triage) and a continuous vulnerability testing approach to tap a diverse hacker community and streamline report handling. The result: faster, prioritized remediation (critical fix time cut from ~2 weeks to under 48 hours), a 98% reduction in XSS, improved SDLC checkpoints and developer training informed by real findings—enabling proactive risk reduction and secure, scalable delivery.

Mercado Libre

Alejandro Federico Iacobelli

Application Security Senior Manager