I think it is mostly not true that OWASP is especially highly regarded, and truer to say that it's application security project with the most momentum and highest public profile, and so it's generally the easiest thing to cite.
Lots of good people have contributed to OWASP over the years and I wouldn't want to diminish their work (which is another problem with the project, it's blinded to a lot of critique by the deference it gets). But the idea that someone would take flaws in OWASP, try to reconcile them with the axiom "OWASP is good", and conclude that it's the the bugs fault, not OWASPs; that's pretty alarming.
Lots of good people have contributed to OWASP over the years and I wouldn't want to diminish their work (which is another problem with the project, it's blinded to a lot of critique by the deference it gets). But the idea that someone would take flaws in OWASP, try to reconcile them with the axiom "OWASP is good", and conclude that it's the the bugs fault, not OWASPs; that's pretty alarming.