
Two of the major projects in the list of cosigners on this are the OWASP Top 10 project and ASVS, which are the two big educational projects at OWASP.

I don't especially love either of those projects, but they're arguably the two most important things OWASP works on outside of the conferences. The Top 10 project can't really leave OWASP (ASVS could).

ZAP is the only other project there that I think is all that important to the identity of OWASP itself, but it should just go find its own sponsorship anyways. People like ZAP, but the industry standard is Burp Suite; Burp is Microsoft Office to ZAP's... LibreOffice? Like all the software freedom stuff aside, if you're a professional, you use Word.




Even OWASP Top 10 often seems to be most interesting in the vein of "That thing that was a problem 10 years ago? Yep still a problem." That's a bit unfair. Stuff does move around a bit over time and some new categories come in. But it often mostly seems to document how relatively little things change.


I don't think the OWASP Top 10 is especially good, and in general think it mostly serves as a tool to raise the salience of application security, rather than as a guide to implementing it. It almost doesn't matter what the Top 10 is.


Back when I was attending DevOps Days fairly regularly, that's pretty consistent with how I saw the OWASP Top 10 being used--to highlight security in general as opposed to any specific categories.


Well, there are a lot of legacy applications out there.



